Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-29239

Hashicorp Plugin: Support proper authentication methods for vault

    XMLWordPrintable

Details

    Description

      Hi,

      currently the Hashicorp Plugin only supports tokens to authenticate requests against vault.
      But in context of Hashicorp Vault a token should be considered as a short-time authentication methode - like a session for a website. By default configuration of vault a token expires after 30days.

      Quoted from Vault documentation https://www.vaultproject.io/docs/concepts/auth

      Before a client can interact with Vault, it must authenticate against an auth method. Upon authentication, a token is generated. This token is conceptually similar to a session ID on a website. The token may have attached policy, which is mapped at authentication time. This process is described in detail in the policies concepts documentation.

      So proper authentication methods needs to be implemented to the Hashicorp Plugin.
      Those are documented here: https://www.vaultproject.io/docs/auth
      Quite popular for tooling is the AppRole Auth Method. In our case this method would fullfill all requirements. May this is good auth method to start.

      Regards
      Simon

      Attachments

        Activity

          People

            Unassigned Unassigned
            Slm0n Simon Stier
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.