Luke Granger-Brown
7592e76a31
tokend is responsible for issuing service-scoped tokens based on the token held and generated by the Vault Agent. It can also generate "server-user" scoped tokens, which exist for convenience's sake: they are not a strong attestation of the user on the machine, and have limited privileges compared to a Vault token issued using e.g. `vault login -method=oidc`.
17 lines
376 B
Nix
17 lines
376 B
Nix
# SPDX-FileCopyrightText: 2022 Luke Granger-Brown <depot@lukegb.com>
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
{ depot, ... }:
|
|
depot.third_party.buildGo.program {
|
|
name = "tokend";
|
|
srcs = [
|
|
./tokend.go
|
|
./tokencache.go
|
|
./vaultissuer.go
|
|
];
|
|
deps = with depot.third_party; [
|
|
gopkgs."github.com".golang.glog
|
|
gopkgs."github.com".hashicorp.vault.api
|
|
];
|
|
}
|