Hello! I have Vault up and running, but now I am a bit confused as to how I should set it up to work with our environment. I would like to make it so that if you are authenticated via LDAP and you belong to a group, then you have access to the secrets which that group is allowed to access (without having to supply credentials/tokens, because the user is already authenticated in LDAP). Is something like this possible, or am I barking up the wrong tree?
Some other info, in case there is a different approach I should be taking:
We have at least two different departments who would like to access their own secrets without giving them away to the other departments. We would like to commit code in Git that everyone can see, but that only the people who have access can run and execute successfully. Thoughts?