💡 Core concepts

Let's assume you're familiar with core Git, Terraform and Rule Engine concepts. Below are some of the concepts that are specific to AuthSafe.

Attachment

An attachment attaches an integration to its corresponding Terraform module.

The integration contains the authentication details required to access the requested target.

The Terraform module contains the instructions to create or grant a credential in the requested target.

Integration

An integration is an intermediary between AuthSafe and a secret backend that supports a key-value secret store.

Supported backends:

  • HashiCorp Vault
  • AWS Secrets Manager

Rule

A rule is evaluated per request.

A rule evaluation request contains ticket and attachment data. The request is evaluated against a list of rules stored in a Git repository.

Sample rule: https://github.com/auth-safe/example-rule

Syntax: https://docs.drools.org/8.39.0.Final/drools-docs/docs-website/drools/language-reference/index.html#:~:text=Drools%20Rule%20Language%20(DRL)%20is,drl%20text%20files.

Repository

The repository stores the Terraform module that will be applied to grant permission to a user. Two important aspects:

  • Variable

    AuthSafe expects the administrator to provide several variables with exact names:

    • user_email: this is extracted from the user's Authorization token
  • Output

    AuthSafe saves this output so the user can download it later. Example use cases include a Terraform module that creates a user in a MySQL database, a user requesting an SSH key to access a virtual machine, and so on.
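
A sketch of a module for the MySQL use case above, added here as an illustration and not taken from the AuthSafe project. Only the variable name `user_email` comes from this page; the `petoju/mysql` provider, the `app_db` database, the `SELECT`-only grant and the output names `username` and `password` are assumptions, and the provider's connection settings are assumed to be supplied from the integration outside this file.

```hcl
terraform {
  required_providers {
    mysql  = { source = "petoju/mysql" }   # assumed provider choice
    random = { source = "hashicorp/random" }
  }
}

# Exact name expected by AuthSafe; filled from the user's Authorization token.
variable "user_email" {
  type = string
  validation {
    # Reject values that are not a single address before anything is created.
    condition     = can(regex("^[^@\\s]+@[^@\\s]+$", var.user_email))
    error_message = "user_email must be a single e-mail address."
  }
}

locals {
  # MySQL account names are limited to 32 characters and e-mail addresses can
  # contain awkward characters, so derive a fixed-length name from a hash.
  db_user  = "as_${substr(sha256(lower(var.user_email)), 0, 16)}"
  database = "app_db" # placeholder database name (assumption)
}

resource "random_password" "db" {
  length  = 32
  special = false
}

resource "mysql_user" "requester" {
  user               = local.db_user
  host               = "%"
  plaintext_password = random_password.db.result
}

# Least privilege: grant only what the request needs on one database.
resource "mysql_grant" "read_only" {
  user       = mysql_user.requester.user
  host       = mysql_user.requester.host
  database   = local.database
  privileges = ["SELECT"]
}

# Outputs are what the user downloads later; output names are assumptions.
output "username" { value = local.db_user }
output "password" {
  value     = random_password.db.result
  sensitive = true
}
```

Marking the output `sensitive` only hides it from Terraform's console output; the generated password is still written to the Terraform state, so the state backend needs the same protection as the secret store.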