Vault github auth teams and policies

ebadusb · December 2, 2020, 10:31pm

I am following the instructions in the documentation on this subject:

I’ve set token policies at the organization level and when I authenticate using the Github personal access token (PAT) I see those policies, however, my Github user belongs to a team called “development”, and I defined a policy called “protobuilder”. I ran the following:

vault write auth/github/map/teams/development value=protobuilder

Then I logged in as the user in the development team with that user’s PAT
vault login -method=github
GitHub Personal Access Token (will be hidden):
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run “vault login”
again. Future Vault requests will automatically use this token.

[redacted by admin]

I am not seeing the protobuilder policy assigned. Any idea what I missed?

ebadusb · December 3, 2020, 12:12am

Okay, it looks as if the issue was on the Github side. I needed to enable SSO on the PAT. Of course I only got to this after posting here.

hsimon-hashicorp · June 21, 2022, 8:58pm

I’m going to go ahead and edit/remove this post, though - you’ve listed some secrets in the OP and we don’t want any harm to come to your org.

Topic		Replies	Views
External group for github auth without team Vault	3	402	March 16, 2020
GitHub auth with a personal GitHub account? Vault	2	844	March 1, 2020
GitHub auth method best practices: Do you create a new github token every day? Vault	2	308	March 25, 2021
How to setup hashicorp vault with github authentication with multiple org Vault	1	1319	January 24, 2020
Does GitHub auth provider support nested teams? Vault	0	266	July 2, 2021

Vault github auth teams and policies

Related topics