How can I detect if vault is authenticated?

ieugen · August 12, 2022, 2:10pm

So I issued a vault login command and I got this prompt:

Waiting for OIDC authentication to complete…
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run “vault login”
again. Future Vault requests will automatically use this token.

We have some scripts that need vault access to succeed.
I would like to check if vault is authenticated before issuing those commands.
I don’t want to have vault login before every one of the tasks.

I’ve set up a helper that people can call when they start work: bb access (it’s a babashka script). The script logs the user in and generates a SSH certificate.
So calling other tasks that require vault access should be transparent. So is SSH’ing into servers.

How can I check if token is still valid to avoid running vault login ?

aram · August 12, 2022, 3:22pm

You can use vault token lookup. If you have a valid token (and the permission on auth/token/lookup-self) then it’ll return 0. If you don’t then it’ll return a positive number.

ieugen · August 15, 2022, 2:38pm

Thanks.

I also saw the token is cached locally in ~/.vault-token.
I will create an issue to for vault to use XDG directories instead of spitting it inside home.

https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
https://wiki.archlinux.org/title/XDG_Base_Directory

Topic		Replies	Views
Any Vault CLI query to check if I am logged in? Vault	6	8281	September 22, 2023
Way to query that Vault auto-auth has finished? Vault	1	256	October 13, 2021
Auto-login with OS keychain or show status of login Vault	0	226	August 11, 2023
Scripting vault and still bleeding secrets in the log Vault	1	290	April 13, 2021
Building a vault-integrated CLI tool, recommendations for auth handling? Vault	2	1003	March 18, 2020

How can I detect if vault is authenticated?

Related topics