MassTransit / MassTransit

Distributed Application Framework for .NET
https://masstransit.io
Apache License 2.0

Adding Access Token Authentication for SQL Transport Options #5472

Closed jbak31 closed 1 month ago

jbak31 commented 1 month ago

@phatboyg / @drusellers

Currently for SQL Transport only a static password is allowed.

However, for connecting with Amazon RDS, or Aurora or TimeScale Db or any other modern database, we would want to generate an access token rather than using the plain text password. This PR adds this feature.

This currently only supports AWS RDS token generation; however, additional token generators around this can be easily extended.

Additional fields added to the SqlTransportOptions

drusellers commented 1 month ago

So I like what you are trying to achieve here, but I'd like to see it be WAAAAAAAY more generic. Why should this only support AWS, what about Google, what about Azure, and really what if I'm using Vault or some other identity rotation service to rotate / generate my credentials.

I'm going to assume that MT plays quite well with Microsoft.Extensions.Options, if not maybe that's the work to do. Then you can source your credentials from a custom RDS token source that feeds into Microsoft.Extensions.Options.

jbak31 commented 1 month ago

> So I like what you are trying to achieve here, but I'd like to see it be WAAAAAAAY more generic. Why should this only support AWS, what about Google, what about Azure, and really what if I'm using Vault or some other identity rotation service to rotate / generate my credentials.
>
> I'm going to assume that MT plays quite well with Microsoft.Extensions.Options, if not maybe that's the work to do. Then you can source your credentials from a custom RDS token source that feeds into Microsoft.Extensions.Options.

@phatboyg / @drusellers fair enough - I would be keen to make this a generic implementation so that the token generation part can be injected by the consumers themselves.
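
One shape the provider-agnostic credential source discussed in this thread could take, as an added example that is not code from this PR or from MassTransit. `DbCredential`, `IDbCredentialSource`, `CachingCredentialSource` and `FakeIssuer` are hypothetical names, and the 15-minute lifetime and 2-minute renewal margin are constructed sample values.

```csharp
#nullable enable
using System;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical names throughout; none of this is MassTransit's API.
public sealed record DbCredential(string Password, DateTimeOffset ExpiresAt);
public interface IDbCredentialSource { Task<DbCredential> GetAsync(CancellationToken ct = default); }

// Decorator: reuses a short-lived token and renews it before it expires,
// so the transport never holds a long-lived static password.
public sealed class CachingCredentialSource : IDbCredentialSource
{
    private readonly IDbCredentialSource _inner;
    private readonly TimeSpan _renewBefore;
    private readonly SemaphoreSlim _gate = new(1, 1);
    private DbCredential? _cached;
    public CachingCredentialSource(IDbCredentialSource inner, TimeSpan renewBefore)
        => (_inner, _renewBefore) = (inner, renewBefore);
    private bool Fresh(DbCredential? c) => c is not null && c.ExpiresAt - DateTimeOffset.UtcNow > _renewBefore;
    public async Task<DbCredential> GetAsync(CancellationToken ct = default)
    {
        if (Fresh(_cached)) return _cached!;
        await _gate.WaitAsync(ct);               // only one caller refreshes at a time
        try
        {
            if (!Fresh(_cached)) _cached = await _inner.GetAsync(ct);
            return _cached!;
        }
        finally { _gate.Release(); }
    }
}

// Constructed stand-in for a real issuer (cloud IAM, Vault, ...) with a 15-minute token lifetime.
public sealed class FakeIssuer : IDbCredentialSource
{
    public int Issued;
    public Task<DbCredential> GetAsync(CancellationToken ct = default) => Task.FromResult(
        new DbCredential($"token-{++Issued}", DateTimeOffset.UtcNow.AddMinutes(15)));
}

public static class Demo
{
    public static async Task Main()
    {
        var issuer = new FakeIssuer();
        var source = new CachingCredentialSource(issuer, TimeSpan.FromMinutes(2));
        await Task.WhenAll(source.GetAsync(), source.GetAsync(), source.GetAsync());
        Console.WriteLine($"requests: 3, tokens issued: {issuer.Issued}"); // log counts, never the token
    }
}
```

Each connection attempt would call `GetAsync` just before opening, so a token that expires mid-run is replaced without a restart, and the issuer behind the interface can be swapped without touching transport code.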