eclipse-edc / Connector

EDC core services including data plane and control plane
Apache License 2.0

Hashicorp Vault folder configuration #4384

Closed saschaisele-zf closed 5 hours ago

saschaisele-zf commented 1 month ago

Discussed in https://github.com/eclipse-edc/Connector/discussions/4375

# Hashicorp Vault folder configuration

This proposal aims to introduce the possibility to configure dedicated folders inside Hashicorp Vault as secret storage.

## Why is it desired?

### Administration

Having the option to sort the relevant secrets for multiple EDC instances in folders, enables an orderly structure inside Hashicorp Vault. In this way, administration is made easier and less frustrating.

### Security

If you are using multiple instances of the EDC and/or other applications/services/components together with a single Hashicorp Vault instance, it is undesirable to have all the secrets accessible to everyone. With the possibility to configure a folder for each EDC, every instance of the EDC can be separated in what secrets it can access. This increases security.

## Affected Areas

Hashicorp Vault extension

## Solution Proposal

Introduce the optional configuration value `edc.vault.hashicorp.folder`. If this value is set, the method `getSecretUrl` inside `HashicorpVaultClient.java` adds the folder to the URL that is generated. With this, all operations will happen in the files of the folder instead.

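
The URL construction proposed above, sketched as an added example that is not part of the original post and is not EDC's own code. The class name, the method signature, the sample Vault address, the `/v1/secret` mount path and the KV v2 `/data/` layout are assumptions; only `edc.vault.hashicorp.folder` and the method name `getSecretUrl` come from the issue.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper (not EDC code): KV v2 secret URL with an optional folder prefix.
public class FolderSecretUrl {

    // Percent-encodes one path segment and rejects segments that could change the path depth.
    static String segment(String raw) {
        if (raw.isEmpty() || raw.equals(".") || raw.equals("..") || raw.contains("/")) {
            throw new IllegalArgumentException("invalid path segment: '" + raw + "'");
        }
        // URLEncoder targets form encoding, so map '+' (space) to %20 for use in a path.
        return URLEncoder.encode(raw, StandardCharsets.UTF_8).replace("+", "%20");
    }

    // folder is the value of edc.vault.hashicorp.folder; null or blank keeps the flat layout.
    static URI getSecretUrl(String vaultUrl, String secretPath, String folder, String key) {
        List<String> parts = new ArrayList<>();
        if (folder != null && !folder.isBlank()) {
            // Drop leading/trailing slashes, then validate every folder level separately.
            for (String level : folder.strip().replaceAll("^/+|/+$", "").split("/")) {
                parts.add(segment(level));
            }
        }
        // Assumption of this sketch: a key is a single segment, so one containing '/' is rejected.
        parts.add(segment(key));
        return URI.create(vaultUrl + secretPath + "/data/" + String.join("/", parts));
    }

    public static void main(String[] args) {
        String vault = "https://vault.example.internal:8200"; // constructed sample value
        String path = "/v1/secret";                            // assumed KV v2 mount path
        System.out.println(getSecretUrl(vault, path, null, "transfer-key"));
        System.out.println(getSecretUrl(vault, path, "edc/connector-a/", "transfer-key"));
        try {
            getSecretUrl(vault, path, "edc/../connector-b", "transfer-key");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The folder only changes where the client reads and writes. Separation between instances is enforced by the Vault policy attached to each instance's token, which has to allow only that folder's paths.
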
github-actions[bot] commented 1 week ago

This issue is stale because it has been open for 28 days with no activity.