Open dwizzle204 opened 4 years ago
Happy to give this a go. @dwizzle204, evaluating the exact same SAS-approach for broader services - storage, cosmos, event hub and others.
That said, found that existing documentation for plugin development does not give much clarity. Started investigation from this ticket
More info on secrets plugin development:
@yhyakuna, I see you helped a lot in https://github.com/hashicorp/vault/issues/6822. Could you please help again and advise on more reference / documentation regarding secrets plugins one more time?
@avishnyakov We recently updated the tutorial, adding a simple example for an auth plugin. But as you said, those are meant to show the workflow rather than teaching how to code your own plugin.
I'll add it to my to-do list to see how we can enhance that.
FYI: In last week's Vault Community Office Hours, Calvin went through the plugin development and answered some questions. Check it out --> https://www.youtube.com/watch?v=ZI2VsoCBjh4&list=PL81sUbsFNc5bAdxl_iy2x0N3m-306KXqp&index=36
@dwizzle204 @avishnyakov @yhyakuna Any updates on whether this will be added?
@Shaybs We have an example code walkthrough tutorial coming up. Hopefully, it'll be published tomorrow or early next week (the link will be https://learn.hashicorp.com/collections/vault/custom-secrets-engine).
@yhyakuna Awesome, thanks a ton! :)
Any updates on adding support for this?
Is your feature request related to a problem? Please describe.
Need a better way to manage SAS tokens.
Describe the solution you'd like
Similar to SPN secrets, we would have a real use for dynamically created SAS tokens based on Vault roles.
https://docs.microsoft.com/en-us/rest/api/eventhub/generate-sas-token
https://github.com/Azure/azure-sdk-for-go/blob/master/storage/blobsasuri.go
Explain any additional use-cases
We have some applications that prefer the SAS token over an SPN; this would help us better secure and manage these cases.