Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-37814

Support HashiCorp Vault AppRole authentication

    XMLWordPrintable

Details

    Description

      Allow to pass role_id and secret_id instead of token

      When using AppRole authentication actual tokens can be retrieved by providing the role and secret IDs, but the returned token is then only valid for a limited amount of time; so the plugin would need to be able to retrieve a new token every once in a while.

      Right now it is not possible to use MariaDB Server with such a Vault setup as it is not even possible to set a new token at runtime, only at startup. So the server would have to be restarted every 20-30 minutes ...

      Exposing hashicorp-key-management-token as a write-only variable to replace the current token might work as an easier to implement workaround for the time being, maybe?

      See also:

      https://developer.hashicorp.com/vault/docs/auth/approle

      Attachments

        Activity

          People

            Unassigned Unassigned
            hholzgra Hartmut Holzgraefe
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.