Establishing a connection to a target via the Boundary HTTP API

macmiranda · March 22, 2023, 11:59pm

In case anyone ever wonders about the same question, it’s possible to establish a session in two steps:

You can authorize the session and get the credentials your client will need to authenticate (this is just an example for db creds but should be similar for kubernetes):

$ OUTPUT=$(boundary targets authorize-session -id ttcp_DB********w5 -format json)
$ echo $OUTPUT | jq -r '.item.credentials[].secret.decoded'
{
  "password": "REDACTED",
  "username": "v-token-to-target-nfZzom*************9528811"
}

From the same output you need to get the authorization_token:

$ AUTHZ_TOKEN=$(echo $OUTPUT | jq -r '.item.authorization_token')

You can then establish the connection using the above token:

$ LISTEN_PORT=<choose yours>
$ boundary connect -listen-port $LISTEN_PORT -authz-token $AUTHZ_TOKEN

Topic		Replies	Views
Programmatically Retrieve the Port Number of a Target in Boundary Using CLI Boundary	3	169	January 29, 2024
Boundary connect usage in script Boundary	3	747	March 29, 2022
A script to set up persistent connections to k8s clusters Boundary k8s	0	293	August 4, 2022
Boundary worker proxy Boundary	2	1019	April 5, 2021
Unable to connect to target Boundary	3	1644	October 15, 2020

Establishing a connection to a target via the Boundary HTTP API

Related topics