gitrgoliveira/vault_setup.sh

## vault_setup.sh
vault auth enable jwt

vault write auth/jwt/config \
     oidc_discovery_url="https://token.actions.githubusercontent.com" \
     bound_issuer="https://token.actions.githubusercontent.com" \
     default_role="demo"

# "user_claim": "workflow" defines the entity alias.
vault write auth/jwt/role/demo -<<EOF
{
    "role_type": "jwt",
    "bound_subject": "",
    "bound_claims": {
        "sub": ["repo:gitrgoliveira/vault-action-exampleapp:ref:refs/*"]
    },
    "bound_claims_type": "glob",
    "bound_audiences": "https://github.com/gitrgoliveira",
    "user_claim": "workflow",
    "policies": "vault-action",
    "ttl": "1h"

}
EOF
	vault auth enable jwt

	vault write auth/jwt/config \
	oidc_discovery_url="https://token.actions.githubusercontent.com" \
	bound_issuer="https://token.actions.githubusercontent.com" \
	default_role="demo"

	# "user_claim": "workflow" defines the entity alias.
	vault write auth/jwt/role/demo -<<EOF
	{
	"role_type": "jwt",
	"bound_subject": "",
	"bound_claims": {
	"sub": ["repo:gitrgoliveira/vault-action-exampleapp:ref:refs/*"]
	},
	"bound_claims_type": "glob",
	"bound_audiences": "https://github.com/gitrgoliveira",
	"user_claim": "workflow",
	"policies": "vault-action",
	"ttl": "1h"

	}
	EOF