hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

MongoDB Atlas API Plugin #5962

Closed ahartma1 closed 3 years ago

ahartma1 commented 5 years ago

Is your feature request related to a problem? Please describe.
Atlas is the cloud-based enterprise DaaS solution. If you have an enterprise subscription, you are most likely using the Atlas product. The problem is, all DB users are managed via the web GUI or via the HTTP API. Thus, any user created by the MongoDB driver will be immediately erased by Atlas, invalidating the usefulness of the mongodb driver for anything but a community edition of the database. This is insufficient for any organization that intends on seriously leveraging Vault and MongoDB together.

Describe the solution you'd like
Please create a MongoDB Atlas Database Secrets plugin. The plugin would interact not with the database directly, but rather with the HTTP API.

Describe alternatives you've considered
I suspect other coming DaaS solutions may benefit from a generic HTTP API Secrets Engine. This would also fit our needs potentially.

Explain any additional use-cases
Any use case related to Enterprise MongoDB falls within the purview of this request.

Additional context
A Go library for interacting with Atlas does already exist, so this might be pretty simple to implement at least as a Custom Database Secrets Engine. https://github.com/akshaykarle/go-mongodbatlas

erickufrin-okta commented 5 years ago

We are also in critical need of this as a native secret plugin. Thank you!

ahartma1 commented 5 years ago

I got a tentative yes-ish from Nicolas on mIRC who works at HashiCorp.

ahartma1 commented 5 years ago

but that was a while ago

brianjo1 commented 5 years ago

really need this dynamic secret functionality!!

tmackness commented 5 years ago

I agree this would be good to see

gordonbondon commented 5 years ago

Third party plugin is available https://github.com/mealal/vault-atlas-plugin . We've tested it at our environments and it works.

JnMik commented 5 years ago

@gordonbondon I'm having trouble building the plugin. Did you have any issue resembling this?

# github.com/mealal/vault-atlas-plugin/vendor/github.com/hashicorp/vault/sdk/helper/certutil
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:337:7: unknown field 'URIs' in struct literal of type x509.Certificate
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:394:94: in.URIs undefined (type *x509.Certificate has no field or method URIs)
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:517:7: unknown field 'URIs' in struct literal of type x509.Certificate
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:632:7: unknown field 'URIs' in struct literal of type x509.CertificateRequest
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:737:15: certTemplate.URIs undefined (type *x509.Certificate has no field or method URIs)


So I tried upgrading Go on my AMZLinux2 box. I had 1.9.4, now I have 1.11.9.

Now the error message is:
./atlas.go:51:56: cannot use db (type Atlas) as type dbplugin.Database in argument to dbplugin.NewDatabaseErrorSanitizerMiddleware: Atlas does not implement dbplugin.Database (missing SetCredentials method)

I'll continue here https://github.com/mealal/vault-atlas-plugin/issues/3

ahartma1 commented 5 years ago

I never saw that this was implemented, but thank you guys for all your work!

@jnmik

https://www.vaultproject.io/docs/plugin/

JnMik commented 5 years ago

Thanks @ahartma1, it will serve me well to install the plugin. Seems pretty straightforward. I just need to manage to build it first -_- lol

gordonbondon commented 5 years ago

There's now an official plugin: https://github.com/mongodb/vault-plugin-secrets-mongodbatlas

Throckmortra commented 4 years ago

Hope this gets added to core plugins :)

vishalnayak commented 3 years ago

Issues that are not reproducible and/or have not had any interaction for a long time are stale issues. Sometimes even the valid issues remain stale lacking traction either by the maintainers or the community. In order to provide faster responses and better engagement with the community, we strive to keep the issue tracker clean and the issue count low. In this regard, our current policy is to close stale issues after 30 days. If a feature request is being closed, it means that it is not on the product roadmap. Closed issues will still be indexed and available for future viewers. If users feel that the issue is still relevant but is wrongly closed, we encourage reopening them.

Please refer to our contributing guidelines for details on issue lifecycle.

kalafut commented 3 years ago

Note: MongoDB Atlas support was added in Vault 1.4.0.