HashiCorp Vault authentication using AppRole #4419
nitin-vavdiya started this conversation in Ideas
This feature seems good to have, although HashiCorp Vault seems to have several auth mechanisms such as Token Auth, RoleID and Kubernetes Auth (#4374). Before we can tackle any of them, we (i.e. the committers) need to discuss and get a clear picture of how we can make this pluggable at the connector level.
Hello everyone,
In the current HashiCorp Vault extension, we need to configure the Vault token as an environment variable, and a client uses this token to read other secrets. In this scenario, token refresh/rotation requires a manual task, i.e. create a token using the API, update the environment variable and restart the application. (This can be achieved with some external scripting.)
Can we add a provision for authentication using AppRole and create a Vault token using role_id and secret_id during initialisation of the extension, and use this token for further communication?
Ref: Authenticating apps using AppRole
Affected areas:
HashiCorp Vault extension
Solution Proposal
To avoid breaking changes, we can have both methods in place:
role_id and secret_id as environment variables and create token while initialising the extension.
--
Thanks
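The proposal above, sketched as an added example that is not part of the original post or the extension's code: the existing static token keeps working, and when both IDs are configured the token is obtained from Vault's AppRole login endpoint instead. The environment variable names, the precedence of AppRole over the static token, the two-thirds refresh point and the default `approle` mount path are assumptions.

```python
import json
import urllib.request

# Constructed reply in the shape of Vault's AppRole login response (not a real token).
SAMPLE_REPLY = json.dumps({"auth": {"client_token": "hvs.CONSTRUCTED-EXAMPLE",
                                    "lease_duration": 3600, "renewable": True}}).encode()

def http_post(url, body):
    """Default transport: POST a JSON body and return the raw response bytes."""
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()

def approle_login(addr, role_id, secret_id, post=http_post):
    """Exchange role_id/secret_id for a token via POST /v1/auth/approle/login."""
    body = json.dumps({"role_id": role_id, "secret_id": secret_id}).encode()
    reply = json.loads(post(addr.rstrip("/") + "/v1/auth/approle/login", body))
    auth = reply.get("auth") or {}
    if not auth.get("client_token"):
        raise RuntimeError("AppRole login returned no client_token")
    return {"method": "approle", "token": auth["client_token"],
            "ttl": int(auth.get("lease_duration", 0))}

def resolve_vault_auth(env, post=http_post):
    """Keep the static-token path working; use AppRole when both IDs are configured."""
    role_id, secret_id = env.get("VAULT_ROLE_ID"), env.get("VAULT_SECRET_ID")
    if role_id and secret_id:
        return approle_login(env["VAULT_ADDR"], role_id, secret_id, post)
    if role_id or secret_id:
        # Fail closed on a half-configured AppRole instead of silently using a stale token.
        raise ValueError("VAULT_ROLE_ID and VAULT_SECRET_ID must be set together")
    if env.get("VAULT_TOKEN"):
        return {"method": "token", "token": env["VAULT_TOKEN"], "ttl": 0}
    raise ValueError("no Vault credentials configured")

def refresh_after(auth):
    """Seconds until a fresh login should run (two thirds of the TTL), or None if static."""
    return auth["ttl"] * 2 // 3 if auth["ttl"] else None

if __name__ == "__main__":
    # Constructed configuration; the lambda stands in for a Vault server.
    env = {"VAULT_ADDR": "http://vault.example:8200",
           "VAULT_ROLE_ID": "constructed-role", "VAULT_SECRET_ID": "constructed-secret"}
    auth = resolve_vault_auth(env, post=lambda url, body: SAMPLE_REPLY)
    print(auth["method"], "re-login in", refresh_after(auth), "s")
```

Re-running the login on a timer derived from the TTL removes the manual rotate-and-restart step the post describes, since only the role_id and secret_id stay in the environment.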