Has anyone played around with having Github codespaces authenticate to Vault? They seem to come with Github PATs, but the PATs cannot read organization information, meaning I don’t think they can login to vault by default
Q about vault-token lookups:
does anybody know what permission is required to actually lookup your-own token data? Right now, I tried logging in with a test app-role account, but it cant even look up or renew its own token.
# LOGIN using the approle app-spa-npd-jenkins-readonly:
vault write auth/approle/login role_id=*** secret_id=***
URL: GET <https://vault.lllint.com/v1/auth/token/lookup-self>
Code: 403. Errors:
* permission denied