cldmstr
commented
1 year ago Pull request: https://github.com/hashicorp/go-kms-wrapping/pull/155
Open cldmstr opened 1 year ago
cldmstr
commented
1 year ago Pull request: https://github.com/hashicorp/go-kms-wrapping/pull/155
cldmstr
commented
1 year ago @jimlambrt As the PR has now been merged, should I close this as well? Is there any action on the vault side necessary to the new version integrated, or is that handled automatically?
jimlambrt
commented
1 year ago I just opened a PR in vault for this: https://github.com/hashicorp/vault/pull/22994
jimlambrt
commented
1 year ago There's also a PR for boundary as well: https://github.com/hashicorp/boundary/pull/3706
We run our vault instance in AKS and want to use the new Azure Workload Identity service to authenticate against Azure resources when using Azure keyvault for the unseal key handling.
This requires the Azure keyvault authentication to support the Workload Identity Federation mechanism.
Here is an implementation (leaning heavily on the Azure example) that I patched vault with and that runs successfully in our cluster.
Would it be possible to integrate this or something like it in the go-kms-wrapping module and then into the official vault release?