VaultSharp: AWS IAM authentication does not work
I’ve tried many things to get AWS IAM role authentication to work and every time I get the error from vault:
{"errors":["didn't supply required authentication values"]}
Here is what I have that I think should work but get the above error:
var requestHeader = Convert.ToBase64String(Encoding.UTF8.GetBytes("{\"X-Vault-AWS-IAM-Server-ID\":[\"vault.example.com\"]}"));
var authMethod = new IAMAWSAuthMethodInfo(roleName: "my-role", requestHeaders: requestHeader);
I also didn’t see an included example of this.
Here is a snippet in python/ruby where people report works for AWS IAM auth - https://gist.github.com/joelthompson/378cbe449d541debf771f5a6a171c5ed#file-vault_aws_auth_py3-py
Using the vault CLI I am able to auth:
vault auth -method=aws -token-only header_value=vault.example.com role=my-role
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 36 (15 by maintainers)
Commits related to this issue
- Fixes [GH-61] to supply all the necessary values for IAM Auth login. — committed to rajanadar/VaultSharp by rajanadar 5 years ago
Fantastic. I have a bug in the constructor without the mount point. That’s why the one without the mount point fails. If you use the constructor with the mount point, it works.
I’ll fix the bug in a day. Then you should be able to use either constructor.
Need this in order to leverage this package for our systems. Do you need help implementing/fixing @rajanadar? (I haven’t yet used so don’t know where the implementation is up to).