support service account
wasaga opened this issue · comments
Denis Mishin commented
Is your feature request related to a problem? Please describe.
I'd like to run pomerium-cli
as a sidecar in a container, enabling access to services running in another cluster or network.
Describe the solution you'd like
I'd like to be able to pass a service account token to the CLI, so that connection would be available until the SA token expires.
A container should quit if the token is expired with a clear error message.
Describe alternatives you've considered
Explain any additional use-cases
Additional context
Related: #58
bobby commented
Problems this aims to solve:
- Session expiration can be frustrating when multiple connections are open (then they all open up at once) pomerium/desktop-client#162
- Not having control over which browser (or browser profile) is opened when the session is expired
- We want to provide a way for folks to leverage the cli and service accounts to make machine to machine calls.
I think we should tackle (1) (2) in follow up tickets in the desktop client. We should support (3).