
vault: complete integration with remaining vault auth schemes and engines #20

@noahehall

Description

C

  • decided to split integration with vault into two stages, ALPHA and BETA
    • lol it was taking longer than expected
  • this is for beta, and only when these integrations are needed
    • likely once we're exiting test.nirv.ai and entering stage.nirv.ai

T

  • admin token automation
    • secrets engines enablement and configuration
      • AWS
        • ALPHA: managing AWS access via aws cli ~/.aws/config and ~/.aws/credentials files
        • BETA: manage AWS creds via dynamic provisioning with vault
      • nomad
        • ALPHA: anyone with access to server can submit jobs
        • BETA: set up nomad ACL policies and integrate with vault
      • ssh
        • ALPHA: managing ssh via ~/.ssh/config and storing keys locally
        • BETA: manage ssh creds via vault provisioning
      • terraform cloud
        • ALPHA: logging into tf cloud via github; and only using it to store state (using CLI workflow)
        • BETA: generate tf cloud creds dynamically via tf cloud secret backend
    • auth schemes enablement and configuration
      • aws
        • ALPHA: authenticating to vault via approle, or token auth
        • PROD: not sure when this will be appropriate, but this enables authenticating to vault via IAM policies for humans or IAM policies attached to ec2 instances (machine authentication)
          • basically vault asks AWS to validate the request via IAM id/arn or something like that, spend some time on this when it's relevant
      • userpass
        • there aren't any users but me and my machines, fk userpass right now
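As an added illustration of the BETA/PROD aws auth item above (example configuration, not code from the nirv.ai repo): the IAM auth type expressed with the Terraform Vault provider. Vault checks the caller by forwarding its signed `sts:GetCallerIdentity` request to AWS and comparing the returned ARN against the role's bound principals, so the role, policy name, secret path and account/role ARN below are placeholders to replace with real ones.

```hcl
# Added example (not part of the original issue): Vault AWS auth method, IAM type.
# All names, paths and the ARN are placeholders.

resource "vault_auth_backend" "aws" {
  type = "aws"
  path = "aws"
}

# Least-privilege policy the machine receives once Vault has verified its identity:
# read-only on one KV v2 subtree, nothing else.
resource "vault_policy" "ec2_app" {
  name   = "ec2-app"
  policy = <<-EOT
    path "secret/data/app/*" {
      capabilities = ["read"]
    }
  EOT
}

# Role binding a specific IAM principal (the instance role attached to the EC2 host)
# to that policy. A caller whose verified ARN does not match is rejected, so the
# role, not a shared token, is what decides which machines may log in.
resource "vault_aws_auth_backend_role" "ec2_app" {
  backend                  = vault_auth_backend.aws.path
  role                     = "ec2-app"
  auth_type                = "iam"
  bound_iam_principal_arns = ["arn:aws:iam::123456789012:role/PLACEHOLDER-ec2-app-role"] # placeholder
  token_policies           = [vault_policy.ec2_app.name]
  token_ttl                = 3600  # 1 hour; short-lived tokens limit the blast radius of a leak
  token_max_ttl            = 14400 # renewable up to 4 hours, then the machine must re-authenticate
}
```

On the instance, `vault login -method=aws role=ec2-app` uses the instance role's credentials to sign the identity request, so no long-lived Vault token or AWS key needs to be stored on disk.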

A
