Vault JWT Auth Method - API

jwt_config.json

{
   "oidc_discovery_url":"https://dev-2sqiyoyv.auth0.com/",
   "bound_issuer":"https://dev-2sqiyoyv.auth0.com/",
   "default_role":"demo"
}

jwt_role.json

{
   "role_type":"jwt",
   "bound_audiences":"https://vault.com",
   "user_claim":"sub",
   "policies":"my-policy",
   "ttl":"1h"
}

mycred.json

{
  "data": {
      "username": "milli",
      "password": "vanilli"
    }
}

policy.json

{
  "policy": "path \"secret/metadata\" { capabilities = [\"list\"]} \npath \"secret/data/mycred\" { capabilities = [\"read\"]}"
}

script.sh

#configure kv secret
curl \
    --header "X-Vault-Token: ${VAULT_TOKEN}" \
    --request POST \
    --data @mycred.json \
    http://localhost:8200/v1/secret/data/mycred | jq

#enable jwt auth
curl \
    --header "X-Vault-Token: $VAULT_TOKEN" \
    --request POST \
    --data '{"type": "jwt"}' \
    http://127.0.0.1:8200/v1/sys/auth/jwt

#configure jwt auth method
curl \
    --header "X-Vault-Token: ${VAULT_TOKEN}" \
    --request POST \
    --data @jwt_config.json \
    http://localhost:8200/v1/auth/jwt/config | jq

#configure jwt role
curl \
    --header "X-Vault-Token: ${VAULT_TOKEN}" \
    --request POST \
    --data @jwt_role.json \
    http://localhost:8200/v1/auth/jwt/role/demo | jq

#apply policy
curl \
    --request POST \
    --header "X-Vault-Token: ${VAULT_TOKEN}" \
    --data @policy.json \
    http://localhost:8200/v1/sys/policy/my-policy