Currently Daytona supports secret fetching with the use of the List and Read capabilities. These translate well to other endpoints (such as the GCP Secrets backend) that use the same capabilities, but they do not carry over to endpoints that require additional capabilities.
Today, if we wanted to inject certificates and keys into an application with the use of the Vault PKI backend, we would first need to create the certificate and then store it in the Secrets backend to be fetched and injected.
This Issue is to request functionality for Daytona to provision certificates by interacting directly with the /sign or /issue endpoints of the Vault PKI backend and performing the same secret fetching and injection thereafter. This removes the need to store certificates in the Secrets backend, further aligning with the pattern of short-lived certificates and service lifetimes.
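As an added illustration of what the requested flow would involve (example code, not Daytona's own and not part of this issue), the sketch below builds the request for the PKI backend's `/issue` endpoint, validates the response, writes the leaf certificate plus chain and the private key with appropriate file modes, and decides when a short-lived certificate needs renewal. The endpoint path and JSON field names follow Vault's documented PKI API; the mount name `pki`, the role name `web`, the common name and the sample response (with placeholder PEM bodies) are constructed for the example.

```go
package main

// Added example (not Daytona's code): request/response handling for the Vault
// PKI backend's issue endpoint. The sample response is constructed and its PEM
// bodies are placeholders, not real key material.

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"time"
)

// IssueRequest is the body POSTed to <mount>/issue/<role>. Vault generates the
// key pair server-side, so the private key only ever arrives in the response.
type IssueRequest struct {
	CommonName string `json:"common_name"`
	AltNames   string `json:"alt_names,omitempty"` // comma-separated SANs
	TTL        string `json:"ttl,omitempty"`       // e.g. "1h"; capped by the role's max_ttl
}

// IssueResponse mirrors the "data" object Vault returns from /issue.
type IssueResponse struct {
	Data struct {
		Certificate  string   `json:"certificate"`
		IssuingCA    string   `json:"issuing_ca"`
		CAChain      []string `json:"ca_chain"`
		PrivateKey   string   `json:"private_key"`
		SerialNumber string   `json:"serial_number"`
		Expiration   int64    `json:"expiration"` // Unix seconds
	} `json:"data"`
}

// IssuePath builds the API path for a role under a PKI mount, e.g. v1/pki/issue/web.
func IssuePath(mount, role string) string {
	return fmt.Sprintf("v1/%s/issue/%s", strings.Trim(mount, "/"), strings.Trim(role, "/"))
}

// ParseIssueResponse decodes the response and refuses partial results: a
// certificate without its key (or vice versa) must not be injected.
func ParseIssueResponse(body []byte) (*IssueResponse, error) {
	var r IssueResponse
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, fmt.Errorf("decode issue response: %w", err)
	}
	switch {
	case r.Data.Certificate == "":
		return nil, errors.New("issue response missing certificate")
	case r.Data.PrivateKey == "":
		return nil, errors.New("issue response missing private_key")
	case r.Data.Expiration == 0:
		return nil, errors.New("issue response missing expiration")
	}
	return &r, nil
}

// WriteMaterials writes cert.pem (leaf followed by the CA chain, world-readable)
// and key.pem (owner-only) into dir and returns both paths.
func WriteMaterials(r *IssueResponse, dir string) (certPath, keyPath string, err error) {
	chain := append([]string{r.Data.Certificate}, r.Data.CAChain...)
	certPath = filepath.Join(dir, "cert.pem")
	keyPath = filepath.Join(dir, "key.pem")
	if err = os.WriteFile(certPath, []byte(strings.Join(chain, "\n")+"\n"), 0o644); err != nil {
		return "", "", err
	}
	if err = os.WriteFile(keyPath, []byte(r.Data.PrivateKey+"\n"), 0o600); err != nil {
		return "", "", err
	}
	return certPath, keyPath, nil
}

// ShouldRenew reports whether the certificate expires within leadTime of now;
// this is the trigger a fetcher needs to keep short-lived certificates valid.
func ShouldRenew(expiration int64, now time.Time, leadTime time.Duration) bool {
	return !now.Add(leadTime).Before(time.Unix(expiration, 0))
}

// SampleIssueResponse is a constructed response in Vault's documented shape.
const SampleIssueResponse = `{
  "data": {
    "certificate": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER-LEAF\n-----END CERTIFICATE-----",
    "issuing_ca": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER-CA\n-----END CERTIFICATE-----",
    "ca_chain": ["-----BEGIN CERTIFICATE-----\nPLACEHOLDER-CA\n-----END CERTIFICATE-----"],
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER-KEY\n-----END PRIVATE KEY-----",
    "private_key_type": "rsa",
    "serial_number": "00:11:22:33:44:55",
    "expiration": 1700000000
  }
}`

func main() {
	body, _ := json.Marshal(IssueRequest{CommonName: "svc.example.internal", TTL: "1h"})
	fmt.Printf("POST %s %s\n", IssuePath("pki", "web"), body)
	r, err := ParseIssueResponse([]byte(SampleIssueResponse))
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	dir, _ := os.MkdirTemp("", "daytona-pki")
	defer os.RemoveAll(dir)
	certPath, keyPath, err := WriteMaterials(r, dir)
	fmt.Println(certPath, keyPath, err)
	fmt.Println("renew now?", ShouldRenew(r.Data.Expiration, time.Now(), 5*time.Minute))
}
```

The key file is written with mode 0600 and the certificate chain with 0644, matching how the two would normally be consumed by a process and its peers; the renewal check is what lets the injected material track the short service lifetimes the issue describes instead of being stored once in the Secrets backend.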