Token metadata support for policy template #10460
Comments
Hi @iamlothian, I won't rule out the possibility that we implement this at some point. In the meantime however, I think you can achieve the result you're aiming for by creating an entity and alias for each role that needs distinct policies, put the metadata into the entity, and bind the entity alias to the token role.
Actually, we've discussed this more internally, and we've decided we don't want to do this. The entity-alias solution is the right way to handle this. Allowing non-entity tokens to have interpolatable metadata would complicate some of our 1.9 work. Sorry about that!
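The entity-and-alias workaround the maintainer describes, written out as Vault CLI calls. This is an added example, not code from the issue or from the Vault project. It assumes a reachable Vault (`VAULT_ADDR`, `VAULT_TOKEN` set), KV v2 mounted at `secret/`, and a secret layout of `secret/application-config-secrets/<app>/...`; the policy name `app-config-template` and the metadata key `app` are choices made for this example. The policy is written once, and every service gets its own subtree selected by the metadata on the entity its token is attached to.

```shell
#!/usr/bin/env sh
# Added example, not from the issue thread: per-service ACLs via one templated
# policy plus an entity, an entity alias and a token role per service.
# Assumes: VAULT_ADDR/VAULT_TOKEN point at a running Vault, KV v2 at "secret/",
# and secrets stored under secret/application-config-secrets/<app>/ (assumed layout).
set -eu

POLICY_NAME="app-config-template"   # hypothetical policy name

# One policy for every service: the path segment is filled in by Vault at
# request time from the "app" metadata of the entity the token belongs to.
write_policy_template() {
  cat <<'EOF'
path "secret/data/application-config-secrets/{{identity.entity.metadata.app}}/*" {
  capabilities = ["read"]
}
EOF
}

# Illustrative only: shows the path the template resolves to for one service.
# Vault performs this substitution itself during ACL evaluation.
render_for_app() {
  write_policy_template | sed "s/{{identity.entity.metadata.app}}/$1/"
}

# Creates the entity that carries the metadata, binds an alias on the token
# auth backend to it, and restricts a token role to that alias, so a token
# issued through the role is always attached to the right entity.
setup_service() {
  app="$1"
  write_policy_template | vault policy write "$POLICY_NAME" -

  entity_id=$(vault write -field=id identity/entity \
      name="$app" metadata=app="$app" policies="$POLICY_NAME")

  # Accessor of the token auth backend; the alias must reference it.
  accessor=$(vault read -field=accessor sys/auth/token)
  vault write identity/entity-alias \
      name="$app" canonical_id="$entity_id" mount_accessor="$accessor"

  # The role may only attach tokens to this one alias, so a caller holding
  # the role cannot pick another service's entity (and thus its subtree).
  vault write "auth/token/roles/$app" \
      allowed_policies="$POLICY_NAME" allowed_entity_aliases="$app" orphan=true

  # Issue the orphan service token bound to the entity through the alias.
  vault token create -role="$app" -entity-alias="$app" -field=token
}

# Usage: sh this_script.sh apply app-config
if [ "${1:-}" = "apply" ]; then
  setup_service "${2:-app-config}"
fi
```

The security-relevant detail is `allowed_entity_aliases` on the token role: without it, whoever can call `vault token create` with the role could name any alias and inherit another service's metadata, and the templated policy would then hand over that service's secrets.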
Is your feature request related to a problem? Please describe.
I have a number of microservices that use Vault to access configuration secrets, and each has an orphaned token generated for it using a specific role that defines policies for access to application-specific config secrets.
[Diagram: the `app-config` role creates a token, which is then used to request secrets from `application-config-secrets`]
Describe the solution you'd like
I'd like to be able to interpolate the token's metadata in my policy to simplify ACL policy management
Describe alternatives you've considered
Without this each service will require an explicit policy to limit access to its own secrets, and the solution becomes far less generic to manage.