Venafi / vault-pki-backend-venafi

Venafi PKI Secrets Engine plugin for HashiCorp Vault that enables certificate enrollment using Venafi machine identity services.
Mozilla Public License 2.0

Update go-plugin & Vault SDK to latest versions in order to support autoMTLS #121

Closed: paulternate closed this issue 1 year ago

paulternate commented 1 year ago

BUSINESS PROBLEM: When configuring the plugin against TLS Protect Datacenter, trust must be established between the Venafi and Vault servers. Establishing that trust is currently a manual process.

PROPOSED SOLUTION: After updating the go-plugin and Vault SDK, autoMTLS will be enabled in the plugin and manually establishing trust will no longer be necessary.

CURRENT ALTERNATIVES: Use a publicly trusted certificate for the Venafi Operational Certificate (uncommon), or manually establish trust by permanently adding the VOC CA Cert to the Vault trust store or referencing it with the trust_bundle_file parameter.

luispresuelVenafi commented 1 year ago

Hi @paulternate, is it safe to say that "Update go-plugin & Vault SDK to latest versions" means to update the Golang currently handled in our plugin and the Vault SDK for plugin development to the latest version? Or what does go-plugin mean in this context?

paulternate commented 1 year ago

@luispresuelVenafi - This is in reference to:

luispresuelVenafi commented 1 year ago

Got it @paulternate

go-plugin is not explicitly defined in go.mod, so that's why I didn't know that we had that library, but I do see it as a dependency in go.sum. This should be upgraded all together once we update our HashiCorp Vault SDK version.