Vault Authentication Azure Auth Method Demo Application

Overview

Vault Authentication Azure Auth Method Demo Application

This application demonstrates how applications hosted on Azure VMs can use managed identity to authenticate with HashiCorp Vault using the Azure Auth Method. For more information on using Azure Identity with HashiCorp Vault, checkout my Integrating Azure AD Identity with HashiCorp Vault blog series

Two environment variables need to be set for this demo application:

  • VAULT_ADDR The address of your Vault instance
  • VAULT_ROLE The name of the Vault role the application should use to authenticate

DO NOT USE THIS IN PRODUCTION. IT IS FOR DEMONSTRATION PURPOSES ONLY.

How this application works

The virtual machine will need a managed identity attached to it. This can either be system-assigned or user-assigned. This allows our application to make a local API call within the VM to obtain an oauth token.

Azure also has the Instance Metadata Service (IMDS) which allows our application to call a local endpoint on the VM to obtain useful metadata. In order to authenticate to Vault using the Azure auth method, the application need to obtain the subscriptionID, resourceGroupName, and name from the IMDS. These pieces of metadata in combination to the bearer token obtained using the managed identity, can then be verified by Vault checking with Azure that the information is valid. Once validated, Vault will return a Vault token to the application.

Auth Workflow

How to use this application

  1. Clone this repository to your Azure VM.
  2. Set the required environment variables VAULT_ADDR and VAULT_ROLE.
  3. Run cd demo-app-vault-azure-auth to change into the application directory.
  4. Run go run .

You should see similar output to the following:

Sucessfully authenticated to Vault.
Vault Token: s.YyP0P54uGMg5Cm67T8eMyax3 
Owner
DevOps Rob
Senior Developer Advocate at @hashicorp. Doing my part to help build a better and more autonomous world
DevOps Rob
vault-plugin-auth-usertotp is an auth method plugin for HashiCorp Vault.

vault-plugin-auth-usertotp is an auth method plugin for HashiCorp Vault. Create user accounts, add TOTP tokens (user supplied pin + totp), and have peace of mind using 2FA.

null 0 Jul 30, 2021
Go module with token package to request Azure Resource Manager and Azure Graph tokens.

azAUTH Go module with token package to request Azure Resource Manager and Azure Graph tokens. prerequisites Install azure cli: https://docs.microsoft.

Bart 1 Dec 1, 2021
Gets Firebase auth tokens (for development purposes only)Gets Firebase auth tokens

Firebase Token Gets Firebase auth tokens (for development purposes only) Getting started Create Firebase project Setup Firebase authentication Setup G

MousyBusiness 1 Nov 17, 2021
Auth Go microservice for managing authentication sessions

cryptomath-go-auth Auth Go microservice for managing authentication sessions. Install dependencies $ make deps Build $ make vendor $ make build Databa

Crypto Math 0 Mar 4, 2022
HTTP-server-with-auth# HTTP Server With Authentication

HTTP-server-with-auth# HTTP Server With Authentication Introduction You are to use gin framework package and concurrency in golang and jwt-go to imple

Saba Sahban 12 May 12, 2022
Authelia: an open-source authentication and authorization server providing two-factor authentication

Authelia is an open-source authentication and authorization server providing two

Streato 0 Jan 5, 2022
Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

Paul Greenberg 432 Jun 25, 2022
A simple passwordless authentication middleware that uses only email as the authentication provider

email auth A simple passwordless authentication middleware that uses only email as the authentication provider. Motivation I wanted to restrict access

Miroslav Šedivý 4 Jan 31, 2022
Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Dinesh Bhattarai 0 Jan 30, 2022
Barbar Service is a project for demo of simple distribute authentication Service.

Barbar Service Barbar Service is a project for demo of simple distribute authentication Service. Project Structure Basicaly we reffer to Domain Driven

Audy Vaksi Pranata 3 Mar 13, 2022
A demo of authentication and authorization using jwt

Nogopy Hi, this a demo of how to use jwt for authentication in microservices Keep in mind that this is a demo of how to authenticate using jwt, we don

null 2 Nov 1, 2021
2FA (Two-Factor Authentication) application for CLI terminal with support to import/export andOTP files.

zauth zauth is a 2FA (Two-Factor Authentication) application for terminal written in Go. Features Supports both TOTP and HOTP codes. Add new entries d

Rijul Gulati 76 Jun 15, 2022
Example of a simple application which is powered by a third-party oAuth 2.0 server for it's authentication / authorization. Written in Golang.

go mod init github.com/bartmika/osin-thirdparty-example go get github.com/spf13/cobra go get github.com/openshift/osin go get github.com/openshift/osi

Bartlomiej Mika 0 Jan 4, 2022
A simple authentication web application in Golang (using jwt)

Simple Authentication WebApp A simple authentication web app in Go (using JWT) Routes Path Method Data /api/v1/auth/register POST {"firstname":,"lastn

Shayan 2 Feb 6, 2022
Go module that allows you to authenticate to Azure with a well known client ID using interactive logon and grab the token

azureimposter Go module that pretends to be any clientID and grabs an authentication token from Azure using interactive login (w/mfa if enabled) and r

Lars Karlslund 22 Jun 23, 2022
The boss of http auth.

Authboss Authboss is a modular authentication system for the web. It has several modules that represent authentication and authorization features that

Volatile Technologies Inc. 3.1k Jun 29, 2022
Provides AWS STS credentials based on Google Apps SAML SSO auth with interactive GUI support

What's this This command-line tool allows you to acquire AWS temporary (STS) credentials using Google Apps as a federated (Single Sign-On, or SSO) pro

Quan Hoang 33 Jun 3, 2022
Validate Django auth session in Golang

GoDjangoSession Valid for django 3.0.5 Usage: package main import ( "encoding/base64" "fmt" "session/auth" "github.com/Kuzyashin/GoDjangoSession"

Alexey Kuzyashin 26 Feb 13, 2022
Golang Mongodb Jwt Auth Example Using Echo

Golang Mongodb Jwt Auth Example Using Echo Golang Mongodb Rest Api Example Using Echo Prerequisites Golang 1.16.x Docker 19.03+ Docker Compose 1.25+ I

Şuayb Şimşek 7 Jun 10, 2022