I’m setting up Vault and using github auth to allow all users from an organisation to access secrets using their PAT.
I’ve created a Vault external group for that github organisation, but is it mandatory that all users of the github organization are in the github team named like the group, or is there a way to allow all the users of the github organization without assigning them to a team ?
except in the learn tutorial, i can’t find documentation about that.
Thanks
Hi @pciavald!
It depends whether you want to assign certain GitHub users from your organization specific policies.
If you just want to grant all users from your GitHub organization a set of policies then you can do that with the token_policies parameter (https://www.vaultproject.io/api-docs/auth/github/#inlinecode-token_policies-17) while configuring your GitHub Auth backend.
Cheers,
Michel
Thanks for your answer @michelvocks ! I’ve set it up using the UI, is it the same as assigning the policy to the auth method through the UI or should i redo it using the cli ?
There are no differences between ui, cli and api.