greenpau / caddy-security

πŸ” Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. πŸ’Ž Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. πŸ’Ž Authorization with JWT/PASETO tokens. πŸ”
https://authcrunch.com/
Apache License 2.0
1.39k stars 70 forks

Nats kv for certs storage and secrets storage #214

Open gedw99 opened 1 year ago

gedw99 commented 1 year ago

The system uses AWS or Consul for secrets, but why not use NATS KV?

https://github.com/HeavyHorst/certmagic-nats

NATS can be embedded too, and clustered, so there is nothing for a dev to set up and run. It's all included.

https://github.com/sandstorm/caddy-nats-bridge is also relevant in that it shows how you can make NATS into an HTTP gateway to provide any third-party system access to NATS. This also allows access via the NATS CLI.

It would be awesome if NATS was considered.

gedw99 commented 1 year ago

NATS can be embedded.

But it's probably something to make optional.

Some people will want it embedded for ease of use and fewer physical network hops.

But others will want a setup with 3 NATS per data center but many Caddy servers.

The connections from Caddy to the NATS cluster are client-side load balanced in either setup and self-organising, so no need to worry about that.