cli: adds plugin identity token to enable and tune commands for secret engines and auth methods (#24980)

* adds plugin identity token to secrets CLI for enable and tune * adds plugin identity token to auth CLI for enable and tune * adds field to mount config input and output * adds changelog * fix tests * fix another test
2025-10-30 10:12:35 +00:00 · 2024-01-22 16:00:03 -08:00
parent 76a62d5997
commit a93ee17946
11 changed files with 71 additions and 2 deletions
--- a/command/secrets_enable.go
+++ b/command/secrets_enable.go
@@ -41,6 +41,7 @@ type SecretsEnableCommand struct {
 	flagExternalEntropyAccess     bool
 	flagVersion                   int
 	flagAllowedManagedKeys        []string
+	flagIdentityTokenKey          string
 }

 func (c *SecretsEnableCommand) Synopsis() string {
@@ -228,6 +229,13 @@ func (c *SecretsEnableCommand) Flags() *FlagSets {
 			"each time with 1 key.",
 	})

+	f.StringVar(&StringVar{
+		Name:    flagNameIdentityTokenKey,
+		Target:  &c.flagIdentityTokenKey,
+		Default: "default",
+		Usage:   "Select the key used to sign plugin identity tokens.",
+	})
+
 	return set
 }

@@ -334,6 +342,10 @@ func (c *SecretsEnableCommand) Run(args []string) int {
 		if fl.Name == flagNamePluginVersion {
 			mountInput.Config.PluginVersion = c.flagPluginVersion
 		}
+
+		if fl.Name == flagNameIdentityTokenKey {
+			mountInput.Config.IdentityTokenKey = c.flagIdentityTokenKey
+		}
 	})

 	if err := client.Sys().Mount(mountPath, mountInput); err != nil {