Proposal: Support AWS IAM auth for Vault provider
missedone opened this issue · comments
the Vault go SDK support AWS IAM as the auth method, so that the app doesn't necessarily need to hold the auth token which could be a risk, because securing the vault token becomes a challenging task.
i think we can introduce an new field authMethod
in Vault config struct https://github.com/knadh/koanf/blob/master/providers/vault/vault.go#L15
we may use token as the default method to keep the back compatibility
ref:
one thing you might not like, if we start supporting AWS IAM auth, people may ask for supporting other methods listed here https://developer.hashicorp.com/vault/docs/auth
it could ends with a lot dependencies for Vault Provider