I have
vault auth enable app-id
vault write auth/app-id/map/app-id/APPLICATION_1 value=backend-policy display_name=APPLICATION_1
…
and now I have in some older vault code this mapping between app-id and user-id:
vault write auth/app-id/map/user-id/${BACKEND_USER} value=APPLICATION_1,APPLICATION_2
where user-id represents userpass. Then, for every APPLICATION, I have
vault write auth/app-id/login/APPLICATION_1 user_id=${BACKEND_USER}
Uhh, I am trying to use a new Vault, which even deprecates app-id in favor of AppRole, so this time I have enabled AppRole instead. Equivalent command to create roles:
vault write auth/app-id/role/APPLICATION_1="backend-policy"
…
From it I can get the role-id and secret-id for a particular role.
How do I make the mentioned mappings between APPLICATION_1… (this time roles) and the userpass admin?
I have tried something like this:
vault write auth/approle/map/userpass/${BACKEND_USER} value=APPLICATION_1
I got "route entry not found". As per my understanding, the mapping is there to have some relation between userpass and approle, but if somebody can explain how it works, even better.
I guess that after the mapping, every backend application will need to authenticate through the userpass password.
Please enlighten me on my DevOps way.