github.com/loafoe/kong-plugin-mtlsauth
module, package
0.7.5
Repository: https://github.com/loafoe/kong-plugin-mtlsauth.git
Documentation: pkg.go.dev

# README

kong-plugin-mtlsauth

Authorization using mTLS certs from Caddy

configuration

```yaml
plugins:
  - name: mtlsauth
    config:
      mtls_header: X-Client-Common-Name
      get_device_url: http://dps.apps.internal:8080
      device_token_url: https://dev-auth-services.smartsuite-cataract.com//authorize/oauth2/token
      region: us-east
      environment: client-test
```

credentials

The plugin reads credentials from the environment and from a Vault instance.

| Field | Description |
|-------|-------------|
| MTLSAUTH_SERVICE_ID | The service identity |
| MTLSAUTH_SERVICE_PRIVATE_KEY | The service identity private key |
| MTLSAUTH_VAULT_ADDR | The Vault address |
| MTLSAUTH_VAULT_ROLE_ID | The vault role id |
| MTLSAUTH_VAULT_SECRET_ID | The vault secret id |
| MTLSAUTH_VAULT_PATH | The vault path to read the config data from |

The following attributes are expected in the Vault data object:

| Attribute | Description |
|-----------|-------------|
| mtlsauth_shared_key | The shared key to use for signing/validating requests |
| mtlsauth_secret_key | The secret key to use for signing/validating requests |

fields

  • config.mtls_header - (Required) The HTTP header containing the mTLS certificate info
  • config.get_device_url - (Required) The GET device registration (DRS) URL API endpoint
  • config.device_token_url - (Required) The POST endpoint for token auth
  • config.region - (Required) The IAM region we are in (us-east, eu-west, etc.)
  • config.environment - (Required) The IAM environment to use (client-test or prod)
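
Since config.mtls_header names the header that carries the mTLS certificate info, the TLS-terminating proxy in front of Kong has to be the only party able to set it. The Go sketch below is an added example, not code from this plugin or from Caddy. It shows that proxy-side rule: discard whatever the client sent, then set the header only from a verified certificate chain. The function names are hypothetical, and it assumes the header value is the certificate's common name, as the header name in the configuration above suggests.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
)

// Matches config.mtls_header in the plugin configuration above.
const mtlsHeader = "X-Client-Common-Name"

// setIdentityHeader (hypothetical name) runs in the TLS-terminating proxy.
// It always deletes any client-supplied value first, then sets the header
// only from a chain the TLS stack verified. VerifiedChains is populated only
// when the server verifies client certificates. Callers should reject the
// request when this returns false.
func setIdentityHeader(h http.Header, cs *tls.ConnectionState) bool {
	h.Del(mtlsHeader)
	if cs == nil || len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) == 0 {
		return false
	}
	cn := cs.VerifiedChains[0][0].Subject.CommonName
	if cn == "" {
		return false
	}
	h.Set(mtlsHeader, cn)
	return true
}

// constructedState builds sample connection state for the demo.
// Constructed data: the certificate carries only a subject, no real keys.
func constructedState(cn string, verified bool) *tls.ConnectionState {
	leaf := &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
	cs := &tls.ConnectionState{PeerCertificates: []*x509.Certificate{leaf}}
	if verified {
		cs.VerifiedChains = [][]*x509.Certificate{{leaf}}
	}
	return cs
}

func main() {
	h := http.Header{mtlsHeader: {"client-supplied"}}
	fmt.Println(setIdentityHeader(h, constructedState("device-1", true)), h.Get(mtlsHeader))
}
```

A certificate that was presented but not verified leaves the header unset, so the request reaches Kong without an identity rather than with an unchecked one.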

license

License is MIT
