hashicorp / vault-service-broker

The official HashiCorp Vault broker integration to the Open Service Broker API. This service broker provides support for secure secret storage and encryption-as-a-service to HashiCorp Vault.
https://www.vaultproject.io/
Mozilla Public License 2.0

Support for Namespaces #32

Closed deejross closed 5 years ago

deejross commented 5 years ago

The enterprise edition of Vault supports namespaces and the service broker should too. The destination namespace is added to the HTTP request in the form of the X-Vault-Namespace header, or by calling SetNamespace(namespace string) using github.com/hashicorp/vault/api.Client.

deejross commented 5 years ago

I did a little reading into the Vault documentation, and while the service broker doesn't advertise support for namespaces, paths can be prefixed with the namespace. The X-Vault-Namespace header is really just a way to shorten URLs.

As an example, you have namespace customer1, using the header, and you have a secret at /secret/foo. If you are using a client that doesn't support setting the header, the key for accessing the same secret would be /customer1/secret/foo.
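
The equivalence described in the comment above, as an added example that is not part of the original thread or the broker's code: the same secret addressed once with the X-Vault-Namespace header and once with a path prefix, reduced to one namespace-qualified path (useful when matching requests in audit or proxy logs). The helper names and the address `vault.example.com` are assumptions; the requests are only constructed, never sent.

```go
package main

import (
	"fmt"
	"net/http"
	"path"
	"strings"
)

// namespaceHeader is the header named in the issue above.
const namespaceHeader = "X-Vault-Namespace"

// newVaultRequest (hypothetical helper) builds a GET for a Vault API path.
// A non-empty namespace goes into the header; with an empty namespace the
// caller is expected to have prefixed the path itself.
// Vault's HTTP API serves paths under /v1/.
func newVaultRequest(addr, namespace, apiPath string) (*http.Request, error) {
	url := strings.TrimRight(addr, "/") + "/v1/" + strings.TrimLeft(apiPath, "/")
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	if namespace != "" {
		req.Header.Set(namespaceHeader, namespace)
	}
	return req, nil
}

// canonicalPath (hypothetical helper) returns the namespace-qualified path
// a request targets, whichever of the two forms the client used.
func canonicalPath(req *http.Request) string {
	p := strings.TrimPrefix(req.URL.Path, "/v1/")
	ns := strings.Trim(req.Header.Get(namespaceHeader), "/")
	return strings.Trim(path.Join(ns, p), "/")
}

func main() {
	const addr = "https://vault.example.com:8200" // constructed placeholder
	withHeader, _ := newVaultRequest(addr, "customer1", "/secret/foo")
	withPrefix, _ := newVaultRequest(addr, "", "/customer1/secret/foo")
	// Both forms resolve to the same namespace-qualified path.
	fmt.Println(canonicalPath(withHeader), canonicalPath(withPrefix))
}
```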

tyrannosaurus-becks commented 5 years ago

33