Redesign: Auth and Secrets usage of Endpoints

chiefy / vaulted

nodejs based wrapper for HashiCorp's Vault HTTP API

https://chiefy.github.io/vaulted

MIT License

47 stars 6 forks source link

Redesign: Auth and Secrets usage of Endpoints #41

Closed kenjones-cisco closed 8 years ago

kenjones-cisco commented 8 years ago

The pattern of defining APIs/Endpoints in a file works well for fixed Endpoints. But for the different Secret backends and the Auth Backends, the actual Endpoint is going to vary based on how those are mounted.

For example, if the operator of the Vault mounts a consul type secret backend to consul-prd, then attempting to use the Consul Endpoints located at the fixed location /v1/consul/* will result in many 404 type errors.

As a result the pattern for doing Endpoints will need to be redesigned.

kenjones-cisco commented 8 years ago

Secret Backends

Mounting consul:

-d '{"type":"consul"}' /sys/mounts/consul-prd

APIs available at /v1/consul-prd/* instead of default /v1/consul/*

Auth Backends

Enabling app-id:

-d '{"type":"app-id"}' /sys/auth/local-appid

APIs available at /v1/auth/local-appid/* instead of default /v1/auth/app-id/*