[MDEV-19281] Vault Key Management Plugin Created: 2019-04-18  Updated: 2023-03-21  Resolved: 2022-05-10

Status: Closed
Project: MariaDB Server
Component/s: Plugins
Fix Version/s: 10.9.1

Type: Task Priority: Critical
Reporter: Joe Taylor Assignee: Julius Goryavsky
Resolution: Fixed Votes: 5
Labels: Preview_10.9

Issue Links:
Blocks
is blocked by MDEV-28275 Hashicorp: ASAN heap-use-after-free i... Closed
is blocked by MDEV-28279 Hashicorp: Cannot migrate hexadecimal... Closed
is blocked by MDEV-28281 Hashicorp: Key ID is not indicated in... Closed
is blocked by MDEV-28291 Hashicorp: Cache variables claim to b... Closed
Duplicate
duplicates MDEV-27112 hashicorp key management plugin Closed
PartOf
is part of MDEV-28112 prepare 10.9.0 preview releases Closed
Problem/Incident
causes MDEV-28115 Hashicorp MTR tests aren't runnable o... Stalled
causes MDEV-28492 Hashicorp: Memory leak in initialize_... Stalled
causes MDEV-28494 Hashicorp plugin documentation Closed
Relates
relates to MDEV-28275 Hashicorp: ASAN heap-use-after-free i... Closed
relates to MDEV-28276 Hashicorp: Document kv version=2 as m... Closed
relates to MDEV-28277 Hashicorp: Document the mandatory pre... Closed
relates to MDEV-28279 Hashicorp: Cannot migrate hexadecimal... Closed
relates to MDEV-28281 Hashicorp: Key ID is not indicated in... Closed
relates to MDEV-28282 Hashicorp: mariabackup --prepare requ... Stalled
relates to MDEV-28291 Hashicorp: Cache variables claim to b... Closed
relates to MDEV-28330 Hashicorp: Document key caching and k... Closed
relates to MDEV-28331 Hashicorp: Assertion `key_len == size... Stalled
relates to MDEV-28528 Hashicorp Vault plugin: documentation... Closed
relates to MDEV-28025 Vault Key Management Plugin testing Stalled
relates to MDEV-28500 Hashicorp: Debian packaging is broken Closed

 Description   

Feature Request

I would really appreciate a Key Management Plugin for Hashicorp's Vault. It can be used in any cloud or on-prem environment and provides similar functionality to AWS Key Management.

I found an open-source library for communicating with Vault in C++ here: https://github.com/abedra/libvault

 Comments   
Comment by Ralf Gebhardt [ 2022-02-16 ]

Hi sysprg, you can use this Jira task for getting the Hashicorp key management plugin from MariaDB Enterprise Server added to MariaDB Community Server 10.9

Comment by Julius Goryavsky [ 2022-03-15 ]

Plugin for Hashicorp Vault ported from ES edition to CS edition, including fixes for the key rotation test. Latest of the ported commits here: https://github.com/MariaDB/server/commit/5602f73e5265cb6f6470f79084a676d650027e33
The rest of the work related to the finalization of buildbot for automatic testing of the plugin has been moved to a separate task MDEV-28025

Comment by Joe Taylor [ 2022-03-15 ]

Thank you!

Comment by Elena Stepanova [ 2022-05-07 ]

The plugin cannot be pushed into main because it breaks Debian packaging, see MDEV-28500.
If the packaging problem is fixed and fix is limited to debian packaging files, I have no objections against pushing it into 10.9 (bb-10.9-MDEV-19281-v5 a47e08aa2b + the Debian fix + rebase + git commit squash/cleanup as needed) and releasing with 10.9.1. The plugin won't be built for Windows in this release.

I also recommend setting the plugin maturity to Beta. It will allow the plugin to be used with the RC server and at the same time will leave time to investigate MDEV-28492 and look into Windows issues, and we will revisit the plugin maturity before 10.9 goes GA.

However, I don't strictly insist on Beta maturity.

Comment by Julius Goryavsky [ 2022-05-10 ]

Fixed, https://github.com/MariaDB/server/commit/1146b713b2c6dcc8ce8a18b503241f2aea0abbff

Generated at Thu Feb 08 08:50:25 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.