Hi,
Sorry for the noob Q but I’m stuck, and any help is appreciated!
I’ve got this vault CLI command doing aws auth successfully:
vault login --token-only --method=aws header_value=… role=…
(please note that this command works when the following env vars are configured: 1. VAULT_CACERT, 2. AWS_ACCESS_KEY_ID, 3. AWS_SECRET_ACCESS_KEY, 4. AWS_SESSION_TOKEN)
What I’m trying to achieve is to convert the above vault CLI call to an API call, using this manual - AWS - Auth Methods - HTTP API | Vault by HashiCorp, and it doesn’t go smoothly. I’ve got 3 questions:
- How do I create iam_request_headers? If I use Base64-encoding, what is the string that should be encoded based on AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN? Could you please provide an example?
- Where do I use VAULT_CACERT (pointing to a local PEM file) and how? I do need it for my “vault login” CLI so I assume I should use it in the API command as well…
- Do I need to reflect “--token-only” in my API call? How?
Thanks a lot in advance,
LG