Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19281

Vault Key Management Plugin

Details

    Description

      Feature Request

      I would really appreciate a Key Management Plugin for Hashicorp's Vault. It can be used in any cloud or on-prem environment and provides similar functionality to AWS Key Management.

      I found an open-source library for communicating with Vault in C++ here: https://github.com/abedra/libvault

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28115 Hashicorp MTR tests aren't runnable on WIndows

          • Major - Major loss of function.
          • Stalled

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28492 Hashicorp: Memory leak in initialize_encryption_plugin

          • Major - Major loss of function.
          • Stalled

          Task - A task that needs to be done. MDEV-28494 Hashicorp plugin documentation

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-34358 background encryption threads consuming a lot of CPU after background re-encryption for new key version finished

          • Critical - Crashes, loss of data, severe memory leak.
          • Confirmed
          duplicates

          Task - A task that needs to be done. MDEV-27112 hashicorp key management plugin

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28275 Hashicorp: ASAN heap-use-after-free in my_mb_wc_utf8mb4_quick / get_version

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28279 Hashicorp: Cannot migrate hexadecimal keys from file key management

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28281 Hashicorp: Key ID is not indicated in the log record about not found key

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28291 Hashicorp: Cache variables claim to be dynamic but changes are ignored

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          is part of

          Task - A task that needs to be done. MDEV-28112 prepare 10.9.0 preview releases

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28275 Hashicorp: ASAN heap-use-after-free in my_mb_wc_utf8mb4_quick / get_version

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28276 Hashicorp: Document kv version=2 as mandatory and detect error if possible

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28277 Hashicorp: Document the mandatory presence of /v1/ in URL, detect error if possible

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28279 Hashicorp: Cannot migrate hexadecimal keys from file key management

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28281 Hashicorp: Key ID is not indicated in the log record about not found key

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28282 Hashicorp: mariabackup --prepare requires environment variable, needs to be documented

          • Major - Major loss of function.
          • Stalled

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28291 Hashicorp: Cache variables claim to be dynamic but changes are ignored

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28330 Hashicorp: Document key caching and key version caching

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28331 Hashicorp: Assertion `key_len == sizeof(key->key)' failed in scheme_get_key upon loading a key of a wrong length

          • Major - Major loss of function.
          • Stalled

          Task - A task that needs to be done. MDEV-28528 Hashicorp Vault plugin: documentation update

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-28025 Vault Key Management Plugin testing

          • Major - Major loss of function.
          • Stalled

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28500 Hashicorp: Debian packaging is broken

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            ralf.gebhardt Ralf Gebhardt added a comment -

            Hi sysprg, you can use this Jira task for getting the Hashicorp key management plugin from MariaDB Enterprise Server added to MariaDB Community Server 10.9

            ralf.gebhardt Ralf Gebhardt added a comment - Hi sysprg , you can use this Jira task for getting the Hashicorp key management plugin from MariaDB Enterprise Server added to MariaDB Community Server 10.9
            sysprg Julius Goryavsky added a comment -

            Plugin for Hashicorp Vault ported from ES edition to CS edition, including fixes for the key rotation test. Latest of the ported commits here: https://github.com/MariaDB/server/commit/5602f73e5265cb6f6470f79084a676d650027e33
            The rest of the work related to the finalization of buildbot for automatic testing of the plugin has been moved to a separate task MDEV-28025

            sysprg Julius Goryavsky added a comment - Plugin for Hashicorp Vault ported from ES edition to CS edition, including fixes for the key rotation test. Latest of the ported commits here: https://github.com/MariaDB/server/commit/5602f73e5265cb6f6470f79084a676d650027e33 The rest of the work related to the finalization of buildbot for automatic testing of the plugin has been moved to a separate task MDEV-28025
            jtaylor Joe Taylor added a comment -

            Thank you!

            jtaylor Joe Taylor added a comment - Thank you!
            elenst Elena Stepanova added a comment -

            The plugin cannot be pushed into main because it breaks Debian packaging, see MDEV-28500.
            If the packaging problem is fixed and fix is limited to debian packaging files, I have no objections against pushing it into 10.9 (bb-10.9-MDEV-19281-v5 a47e08aa2b + the Debian fix + rebase + git commit squash/cleanup as needed) and releasing with 10.9.1. The plugin won't be built for Windows in this release.

            I also recommend setting the plugin maturity to Beta. It will allow the plugin to be used with the RC server and at the same time will leave time to investigate MDEV-28492 and look into Windows issues, and we will revisit the plugin maturity before 10.9 goes GA.

            However, I don't strictly insist on Beta maturity.

            elenst Elena Stepanova added a comment - The plugin cannot be pushed into main because it breaks Debian packaging, see MDEV-28500 . If the packaging problem is fixed and fix is limited to debian packaging files, I have no objections against pushing it into 10.9 (bb-10.9- MDEV-19281 -v5 a47e08aa2b + the Debian fix + rebase + git commit squash/cleanup as needed) and releasing with 10.9.1. The plugin won't be built for Windows in this release. I also recommend setting the plugin maturity to Beta. It will allow the plugin to be used with the RC server and at the same time will leave time to investigate MDEV-28492 and look into Windows issues, and we will revisit the plugin maturity before 10.9 goes GA. However, I don't strictly insist on Beta maturity.
            sysprg Julius Goryavsky added a comment -

            Fixed, https://github.com/MariaDB/server/commit/1146b713b2c6dcc8ce8a18b503241f2aea0abbff

            sysprg Julius Goryavsky added a comment - Fixed, https://github.com/MariaDB/server/commit/1146b713b2c6dcc8ce8a18b503241f2aea0abbff

            People

              sysprg Julius Goryavsky
              jtaylor Joe Taylor
              Votes:
              5 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.