You can do this with any web API that lets you mint a JWT, which is a lot, including every cloud provider. That said, the usability of JWTs leaves a lot to be desired: Vault isn’t really designed for this purpose and neither are most command lines and other tools that access the APIs.
We’ve just switched over to this plugin, and it’s working great. I deleted our last GitHub PAT last night. I hope HashiCorp upstream it soon.
Great article. Can I suggest that the background of images is filled in appropriately, as the diagram is unreadable with dark mode enabled?
You can do this with any web API that lets you mint a JWT, which is a lot, including every cloud provider. That said, the usability of JWTs leaves a lot to be desired: Vault isn’t really designed for this purpose and neither are most command lines and other tools that access the APIs.