https://pulumi.com logo
#esc
Title
# esc
s

stale-belgium-7295

10/20/2023, 4:32 AM
Also I'm allowing myself to share my notes on how to configure vault to (almost) get vault HCP work with pulumi ESC + pulumi cloud as it may be useful to someone at some point: • authenticate with vault • enable jwt auth method:
Copy code
vault auth enable jwt
• configure the jwt auth method:
Copy code
vault write auth/jwt/config \
    oidc_discovery_url="<https://api.pulumi.com/oidc>" \
    bound_issuer="<https://api.pulumi.com/oidc>" \
    default_role="example-role"
• create a role
Copy code
vault write auth/jwt/role/example-role-1 role_type=jwt policies=<SCOPED_VAULT_POLICY> ttl=1h user_claim=sub bound_audiences=<NAME_OF_YOUR_PULUMI_CLOUD_ORG_ASSOCIATED_WITH_YOUR_DEPLOYMENT>