Meraki Community

Computeracer · ‎Feb 21 2024

Hello @JohanMynhardt Were you able to make any further progress on getting such a solution to work with the AWS service?

Computeracer · ‎Jul 2 2022

The benefit of api tokens that can quickly be created and destroyed are that they are short lived, and less likely to be compromised. The vault product could create the temporary token and it would exist only for the amount of time needed for a job to finish it's work and then no longer exist. A job could perform any meraki configuration through the api. Even if we just had an API call to create and delete the API tokens for an existing user would be a small step to work towards this. It is inconvenient to have to come up with email aliases for a 'service account' that a human would never use, but not a show stopper to work towards short lived tokens.

Computeracer · ‎May 30 2022

We like to use Hashicorp's Vault to generate temporary credentials for admins and CICD pipelines. This can be done with other cloud vendors like AWS like show here. The current Meraki API allows the creation of admins, but the only way to get an API token is to setup the account with email and proceed to create an API token through the GUI. We have submitted a wish, but I was wondering if anyone was looking into such a solution? I found a similar post regarding this need for API access: https://community.meraki.com/t5/Developers-APIs/Manage-organization-admins-with-API/m-p/64292/highlight/true#M2101

Meraki Community

About Computeracer

Computeracer

Community Record

Badges

Re: MQTT SSL/TLS Connectivity: Client Authentication (CA Cert + Client Cert...

Re: Dynamic API Token Generation For Temporary Users with Vault

Dynamic API Token Generation For Temporary Users with Vault