apache / cassandra-gocql-driver

GoCQL Driver for Apache Cassandra®
https://cassandra.apache.org/
Apache License 2.0

Vault Cassandra Database Secrets Engine #1698

Open sylvainblot opened 1 year ago

sylvainblot commented 1 year ago

What version of Cassandra are you using?

DSE 6.8.34

What version of Gocql are you using?

v1.4.0

What version of Go are you using?

1.20.3

What did you do?

I would like to implement Vault Cassandra Database Secrets Engine to use short-lived credentials https://developer.hashicorp.com/vault/docs/secrets/databases/cassandra

As there is no maximum connection age exposed to trigger a new authentication, do you have any recommendations on how to achieve a seamless integration?

Kind regards

martin-sucha commented 1 year ago

Hi! Currently there is no way to force rotating connection pool's connections, although it seems like a useful feature to have.

At the moment you could create a whole new Session and switch your code to use it (for example using atomic.Pointer), but it is not seamless; you need support in the code using the Session for doing the switch.

We can write down some requirements first what would be needed for the seamless integration:

Any other requirements?
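A sketch of the Session-swap workaround described in the comment above, added here as an example; it is not code from the thread or from the gocql project. The `Rotator` type, its `open` factory and the fake session are hypothetical names; in real use `S` would be `*gocql.Session` and `open` would build a cluster config with the Vault-issued username and password and call `CreateSession`.

```go
package main

import (
	"fmt"
	"sync/atomic"
	"time"
)

// Rotator publishes the current session; S would be *gocql.Session in real use.
type Rotator[S interface{ Close() }] struct {
	cur   atomic.Pointer[S]
	open  func(user, pass string) (S, error) // hypothetical factory wrapping CreateSession
	grace time.Duration                      // time in-flight queries get on the old session
}

// Session returns the session for the next query; valid after a successful Rotate.
func (r *Rotator[S]) Session() S { return *r.cur.Load() }

// Rotate logs in with the new credentials first; on failure the old session stays live.
func (r *Rotator[S]) Rotate(user, pass string) error {
	s, err := r.open(user, pass)
	if err != nil {
		return err
	}
	if old := r.cur.Swap(&s); old != nil {
		time.AfterFunc(r.grace, func() { (*old).Close() })
	}
	return nil
}

// fakeSession is a constructed test double standing in for *gocql.Session.
type fakeSession struct {
	user   string
	closed atomic.Bool
}

func (f *fakeSession) Close() { f.closed.Store(true) }

// openFake rejects an empty password, simulating a lease that was not accepted.
func openFake(user, pass string) (*fakeSession, error) {
	if pass == "" {
		return nil, fmt.Errorf("authentication failed for %q", user)
	}
	return &fakeSession{user: user}, nil
}

func main() {
	r := &Rotator[*fakeSession]{open: openFake, grace: time.Second}
	fmt.Println(r.Rotate("v-app-1", "pw1"), r.Session().user)
}
```

Callers fetch `Session()` per query rather than caching it, and `Rotate` should run before the current lease expires, with `grace` shorter than the time remaining on the old lease.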

sylvainblot commented 1 year ago

Hi Martin, Sounds like a perfect plan!

TattiQ commented 3 months ago

Hey guys, was there any movement since then to support short-lived creds? 🙏

martin-sucha commented 3 months ago

I am not aware of any.