This repository has been archived by the owner on Oct 6, 2019. It is now read-only.

Feature request: TLS Certificate Auth Method #242

Open
jdelic opened this issue Feb 4, 2018 · 1 comment

Comments


jdelic commented Feb 4, 2018

It would be fantastic if Goldfish could "proxy" the TLS auth backend and request a client-side certificate from the browser, using it to receive a token from Vault. As Vault is still lacking support for generic OAuth endpoints, this would at least support one commonly used "enterprise login" method.

Caiyeon (Owner) commented Feb 5, 2018

Without loading the private key, it's impossible to communicate properly with Vault and retrieve a token. The only way to do this would be to require the end user to upload both the public and private key. This is programmatically possible using Go's TLS package, but this feature would require a lot of testing and proper integration tests, which I currently don't have the time for. I'll leave this issue open in case anyone wants to try implementing it, but the likelihood of this being implemented is fairly low.

@Caiyeon Caiyeon changed the title Feature request: Client certificate SSL authentication Feature request: TLS Certificate Auth Method Feb 5, 2018
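
Added example, not part of the issue thread and not Goldfish's code: a Go program showing the constraint discussed in the reply above, where a proxy performs the TLS certificate login on the user's behalf and only gets a token when it holds the private key as well as the certificate. The local `httptest` server standing in for Vault, the function names and the token value are constructed assumptions; `/v1/auth/cert/login` is Vault's cert auth login path.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// newClientCert builds a constructed, self-signed client certificate together with its private key.
func newClientCert() tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// certLogin logs in to a local stand-in for Vault's cert login endpoint the way a proxy would:
// with its own TLS handshake using cert. The stand-in server and its token are constructed.
func certLogin(cert tls.Certificate) (string, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"auth":{"client_token":"constructed-token"}}`)
	}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAnyClientCert} // no client cert, no session
	srv.StartTLS()
	defer srv.Close()
	client := srv.Client() // already trusts the stand-in's server certificate
	client.Transport.(*http.Transport).TLSClientConfig.Certificates = []tls.Certificate{cert}
	resp, err := client.Post(srv.URL+"/v1/auth/cert/login", "application/json", nil)
	if err != nil {
		return "", err // without a key the client cannot prove possession, so no cert is sent
	}
	defer resp.Body.Close()
	var out struct{ Auth struct{ ClientToken string `json:"client_token"` } }
	err = json.NewDecoder(resp.Body).Decode(&out)
	return out.Auth.ClientToken, err
}

func main() {
	full := newClientCert()
	fmt.Println(certLogin(full))                                          // certificate and key
	fmt.Println(certLogin(tls.Certificate{Certificate: full.Certificate})) // certificate only
}
```

The stand-in only requires that some client certificate is presented; it does not model Vault's own matching of the certificate against configured cert roles.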