# vault_aws_auth

These are python 2 and 3 snippets showing how to generate headers to authenticate with HashiCorp's Vault using the
[AWS authentication method](https://www.vaultproject.io/docs/auth/aws.html). There's also a Ruby implementation which uses version 3 of the [AWS SDK for Ruby](https://aws.amazon.com/documentation/sdk-for-ruby/).

The python scripts look for credentials in the
[default boto3 locations](https://boto3.readthedocs.io/en/latest/guide/configuration.html#configuring-credentials);
if you need to supply custom credentials (such as from an `AssumeRole` call), you would use the
[botocore.session.set_credentials](https://github.com/boto/botocore/blob/5a5d9b47b62dedd4b6eff77cde90146dc4f54520/botocore/session.py#L417)
method before calling `create_client`.

The ruby script looks for credentials from the [default SDK locations](https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html#aws-ruby-sdk-setting-credentials).

# Credits

Thanks to [@copumpkin](https://github.com/copumpkin) for much of the original python 2 implementation
(provided privately) on which this was based.

Thanks to [@stark525](https://gist.github.com/stark525/34d579c1d03b9cfdfb36fdd083efc853) for starting the python 3 port, on which the python 3 implementation is based.