README
¶
myvault
description
This little application is a prototype to interconnect Yukikey with Vault using piv mode of Yubikey. This allow to build a quick and dirty password manager where information get saved in secure way into Vault and accessible from all location where the Vault server is accessible.
pre req
Have a yubikey (or equivalent) key supporting piv mode to store private key and authentication certificate in it. Have certificate loaed to the key Have Hashicorp Vault knowledge
environment need
You need a working Hashicorp Vault server supporting Certificates as authentication mechanism you can found all documentation needed https://developer.hashicorp.com/vault/docs/what-is-vault
setup the Vault and Yukibey configuration
- Configure Vault with Auth with TLS certificate : https://developer.hashicorp.com/vault/docs/auth/cert
- Install your Yubikey Authentication Certificate into the Auth cert uisng either the UI, the CLI or the API
- Make sure your certificate is associated with the proper Policy that allow certificates manipulation
example if your kv secret is mount to kv/*
# Allow a token to set kv path "kv/*" { capabilities = ["create", "read", "update", "delete", "list" } - Set the token TTL for the certificate to be small as possible.
- (todo renew token if expired)
If you do not have piv or equivalent this application fallback to username/password to get Vault access. Same if your pin is Invalid
Run the application
go run cmd/cli/myvault.go
or compile it
go build cmd/cli/myvault.go
Batch Load
you can use a CSV File to load your data: the format is the following: SecretID, Username, Credential, Comment no header are expected on the CSV file
TODO
Split in several files
Directories