archit0/okta/vault
# terraform-vault-okta

Terraform configuration to configure Vault with Okta using the OIDC auth plugin.

## Setting up Okta OIDC Auth

For this to work, you'll need to be an Okta administrator.

### Setting up Groups

Let's create two groups: vault_admins or something similar. These groups will be given permissions to do things within Vault. Within those groups, let's add some users in the Okta Admin console.

### Configuring the Authorization Server

Okta has a default authorization server that you can either edit, or you can create another one. You get to this setting by going to Security > API > Authorization Servers. For this, we'll create a new one.

New Authorization Server for Vault

Click Add Authorization Server. For name enter Vault, for audience enter api://vault, and then enter a meaningful description. Upda
| Name | Type | Description | Default |
|---|---|---|---|
| okta_client_secret | string | Okta Vault app client secret | required |
| okta_bound_audiences | list | A list of allowed token audiences | required |
| okta_client_id | string | Okta Vault app client ID | required |
| okta_discovery_url | string | Okta Authz server Issuer URI, e.g. https://<org>.okta.com/oauth2/<id> | required |
| vault_addr | string | Vault address in the form of https://domain:8200 | required |
| auth_redirect | string | Redirect URI used when logging in with the CLI | "http://localhost:8250/oidc/callback" |
| okta_allowed_groups | list | Okta groups allowed to log in (e.g. the Vault admins group) | ["vault_admins"] |
| okta_mount_path | string | Mount path for Okta auth | "okta_oidc" |
| roles | map | Map of Vault role names to their bound groups and token policies. See terraform. | {} |
| cli_port | number | Port to open locally to login with the CLI | 8250 |
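The variables above wired together in a root module, as an added example that is not part of this module's own documentation. The `<org>` and `<id>` values are placeholders, `vault.example.com` is a made-up address, and the inner shape of the `roles` map (`bound_groups`, `token_policies`) is an assumption based on the table's description.

```hcl
# Added example; not the module's own code. Placeholder values are marked <...>.
variable "okta_client_id" {
  type = string
}

variable "okta_client_secret" {
  type      = string
  sensitive = true # keeps the secret out of plan/apply output
}

module "vault_okta" {
  source = "archit0/okta/vault"

  vault_addr = "https://vault.example.com:8200" # constructed address

  # Issuer of the custom authorization server created above (placeholders)
  okta_discovery_url = "https://<org>.okta.com/oauth2/<id>"
  okta_client_id     = var.okta_client_id
  okta_client_secret = var.okta_client_secret

  # Must match the audience entered on the Okta authorization server,
  # otherwise tokens are rejected at login.
  okta_bound_audiences = ["api://vault"]

  okta_mount_path     = "okta_oidc"
  okta_allowed_groups = ["vault_admins"]

  # cli_port and auth_redirect must agree; the redirect URI also has to be
  # registered on the Okta application.
  cli_port      = 8250
  auth_redirect = "http://localhost:8250/oidc/callback"

  # Assumed map shape: role name -> groups that may assume it -> policies granted
  roles = {
    admin = {
      bound_groups   = ["vault_admins"]
      token_policies = ["admin"]
    }
  }
}
```

With this applied, a member of vault_admins logs in with `vault login -method=oidc -path=okta_oidc role=admin port=8250`, and the browser callback lands on the auth_redirect URI configured above.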