  1. MariaDB Server
  2. MDEV-30847

Hashicorp Plugin: Provide cache flush for key rotation


Details

    Description

      The Hashicorp Vault plugin currently supports key versioning provided by the Hashicorp Vault Server. However, there is no way in the plugin to initiate a key rotation and reset the data stored in the cache. Because of this, it is impossible to build scenarios in which key values change without restarting the server.

      To address this shortcoming, we need to add a new global variable that allows the user to initiate key rotation at the plugin level, similar to the key management plugin for AWS:

      --[loose-]hashicorp-key-management-rotate-key=<identifier>|-1

      Setting this variable to a certain value rotates the corresponding key: all data associated with it is erased from the cache and will be re-requested from the Hashicorp Vault server the next time the system accesses this key. The user can also specify the special value -1 (minus one) to rotate all keys. When the specified value is zero, no key rotation is performed.
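
The flush semantics described above, modelled in a short C++ example that is added here for illustration and is not taken from the plugin's source. `KeyCache`, `Fetcher`, `rotate` and the zeroing of key bytes before erasure are assumptions, and the fetcher stands in for the request to the Hashicorp Vault server.

```cpp
// Added illustration of the proposed semantics; all names are hypothetical.
#include <cstdio>
#include <functional>
#include <map>
#include <utility>
#include <vector>

using KeyBytes = std::vector<unsigned char>;
struct Fetched { unsigned version; KeyBytes bytes; };
using Fetcher = std::function<Fetched(unsigned)>;  // stand-in for a Vault request

class KeyCache {
  Fetcher fetch_;
  std::map<unsigned, unsigned> latest_;                     // key id -> version
  std::map<std::pair<unsigned, unsigned>, KeyBytes> keys_;  // (id, version) -> key
  static void scrub(KeyBytes &b) {  // zero key material before freeing it
    for (volatile unsigned char &c : b) c = 0;
  }
  void drop(unsigned id) {  // erase every cached version of one key id
    latest_.erase(id);
    for (auto it = keys_.lower_bound({id, 0u});
         it != keys_.end() && it->first.first == id; it = keys_.erase(it))
      scrub(it->second);
  }
public:
  unsigned vault_requests = 0;  // how often the cache had to ask Vault
  explicit KeyCache(Fetcher f) : fetch_(std::move(f)) {}
  unsigned latest_version(unsigned id) {  // asks Vault only on a cache miss
    auto hit = latest_.find(id);
    if (hit != latest_.end()) return hit->second;
    Fetched f = fetch_(id);
    ++vault_requests;
    unsigned v = latest_[id] = f.version;
    keys_[{id, v}] = std::move(f.bytes);
    return v;
  }
  void rotate(long long value) {  // 0: no-op, -1: all keys, N > 0: key N only
    if (value == 0 || value < -1) return;  // values below -1 ignored (assumption)
    if (value > 0) return drop(static_cast<unsigned>(value));
    while (!latest_.empty()) drop(latest_.begin()->first);
  }
};

int main() {  // constructed scenario: Vault moves key 1 from version 1 to 2
  unsigned ver = 1;
  KeyCache c([&](unsigned) { return Fetched{ver, KeyBytes(32, 0x41)}; });
  c.latest_version(1); ver = 2;
  unsigned stale = c.latest_version(1); c.rotate(1);
  std::printf("before flush %u, after flush %u\n", stale, c.latest_version(1));
}
```

Without the flush, the cache keeps serving the version it fetched first, which is the restart-only behaviour the description complains about.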


            People

              sysprg Julius Goryavsky
