Allow to use an arbitrary credential provider endpoint

aliyun / alibaba-cloud-sdk-go

Alibaba Cloud SDK for Go

Apache License 2.0

1.16k stars 271 forks source link

Allow to use an arbitrary credential provider endpoint #371

Open hixichen opened 4 years ago

hixichen commented 4 years ago

What is expected:

export ALICLOUD_CREDENTIALS_URI=https://xyz:1234/path/to/creds

Why:

In multi/hybrid cloud world, external creds provider is needed.
Let the SDK to handle the key rotation work instead of service itself.

Refer: https://github.com/aws/aws-sdk-go-v2/issues/451

wenzuochao commented 4 years ago

Thanks for your advice. You can use Credentials File to manage your credentials .

wenzuochao commented 4 years ago

I will close this issue without your reply in three days. If you have other problems, welcome to reopen this issue or open a new issue.

JacksonTian commented 4 years ago

Hi @hixichen could you provide some use cases？

mozillazg commented 4 years ago

+1 for this feature.

One use case:

The server of ALICLOUD_CREDENTIALS_URI will exposes the credential data to containers inside or outside of ECS hosts, allowing you to provide scoped IAM roles to individual containers, rather than giving them the full IAM permissions of an IAM role or IAM user. Refer: https://github.com/lyft/metadataproxy