GitHub token secret backend?

Hi all

We currently keep a GitHub token in our Vault KV. The workflow is easy enough, but users need to know the path where the secret is kept, and it requires manual updating when we need to rotate the token.

I was wondering though if there were any plans to add a GitHub backend for Vault secrets, similar to the way this is done with databases and AWS credentials. Something like reading a secret under /github which would return a new token, based on a preconfigured role. This role could determine what permissions would be attached to the token.

Perhaps this is impossible or unfeasible? Has anyone else come up against this?


There is one already (note I’ve not used it yet): GitHub - martinbaillie/vault-plugin-secrets-github: Create ephemeral, finely-scoped @github access tokens using @hashicorp Vault.