The current workflow expects us to run the Boundary CLI (or write our own tool using the SDK). I’m wondering what the vision might be for a browser-only workflow.
Here’s a scenario:
I want to expose an internal dashboard to my colleagues. Ideally, they can do it completely in the browser, particularly for less tech-savvy people.
Here’s a potential solution:
- DNS entry for service.mycorp.com points at Boundary
- Boundary does the auth (hurrah OIDC #1 on roadmap!)
- Boundary maps DNS entry to a host set
- Boundary proxies traffic to the actual service, along with auth tokens to potentially not have to authenticate more than once
Is this workflow currently possible? I’m not seeing it, but there’s a chance I’ve missed something.
If it isn’t possible, is this a flow that you’re considering? For me, this ability plus the integration with services like Vault that is discussed in this topic would be a comprehensive Zero Trust environment without further VPN solutions.
Edit: link to a relevant topic: Question around accessing web targets