Is there a way to require that two “entities” coordinate in order to:
- create a token that allows an action
- use that token to actually perform the action
For example, A wants to write to auth/userpass/users/mom
and has to ask B: “please create me a token that allows me to write to mom”. B creates the token that allows the creation of auth/userpass/users/mom
(or even auth/userpass/users/*
). B, somehow cannot use that token, but A can. A gets the token from B, and creates the auth/userpass/users/mom
.
It could also be the other way around, B wants to write to auth/userpass/users/dad
and ask A, “please create me a token…”…
Does that make sense? Is it possible with Vault?