kedacore / keda

KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
https://keda.sh
Apache License 2.0
8.5k stars 1.07k forks

Hashicorp vault auth allow tokens directly set in TriggerAuthentication #6026

Open JorTurFer opened 3 months ago

JorTurFer commented 3 months ago

Report

Currently, HashiCorp Vault auth supports 2 login methods, one based on a service account and the other based on tokens. The problem is that the token isn't provided from a secret but from the TriggerAuthentication directly. This is a security risk as TriggerAuthentication isn't a sensitive API by design.

Expected Behavior

The token should be recovered from a secret

Actual Behavior

The token is read from the TriggerAuthentication manifest
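A defender-side check for the condition reported above, as an added example that is not part of the original issue or of KEDA's code: it lists TriggerAuthentication and ClusterTriggerAuthentication objects that carry a Vault token inline, without ever echoing the token. It assumes the field path `spec.hashiCorpVault.credential.token` from KEDA's `hashiCorpVault` schema and JSON as produced by `kubectl get ... -o json`; the sample objects, address and function names are constructed for illustration.

```python
import json

KINDS = {"TriggerAuthentication", "ClusterTriggerAuthentication"}
VAULT = "https://vault.example.internal:8200"  # constructed address


def _obj(kind, namespace, name, spec):
    """Build a constructed KEDA object for the sample input (hypothetical helper)."""
    meta = {"name": name}
    if namespace:
        meta["namespace"] = namespace
    return {"apiVersion": "keda.sh/v1alpha1", "kind": kind, "metadata": meta, "spec": spec}


# Constructed sample shaped like `kubectl get ... -A -o json` output.
SAMPLE = json.dumps({"kind": "List", "items": [
    _obj("TriggerAuthentication", "apps", "vault-token-auth", {"hashiCorpVault": {
        "address": VAULT, "authentication": "token",
        "credential": {"token": "CONSTRUCTED-NOT-A-REAL-TOKEN"}}}),
    _obj("TriggerAuthentication", "apps", "vault-sa-auth", {"hashiCorpVault": {
        "address": VAULT, "authentication": "kubernetes", "role": "keda",
        "credential": {"serviceAccount": "/var/run/secrets/kubernetes.io/serviceaccount/token"}}}),
    _obj("TriggerAuthentication", "apps", "plain-secret-auth", {"secretTargetRef": [
        {"parameter": "password", "name": "queue-creds", "key": "password"}]}),
    _obj("ClusterTriggerAuthentication", "", "vault-cluster-auth", {"hashiCorpVault": {
        "address": VAULT, "authentication": "token",
        "credential": {"token": "CONSTRUCTED-NOT-A-REAL-TOKEN"}}}),
]})


def find_inline_vault_tokens(manifest_json):
    """Return (kind, namespace, name) for objects whose Vault token is in the manifest."""
    doc = json.loads(manifest_json)
    # Accept either a kubectl "List" wrapper or a single object.
    items = doc.get("items", []) if doc.get("kind", "").endswith("List") else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") not in KINDS:
            continue
        vault = (obj.get("spec") or {}).get("hashiCorpVault") or {}
        token = (vault.get("credential") or {}).get("token")
        if token:  # a non-empty inline token; the value itself is never reported
            meta = obj.get("metadata") or {}
            findings.append((obj["kind"], meta.get("namespace", ""), meta.get("name", "")))
    return findings


if __name__ == "__main__":
    for kind, namespace, name in find_inline_vault_tokens(SAMPLE):
        print(f"inline Vault token: {kind} {namespace or '<cluster>'}/{name}")
```

Any object it reports holds a credential readable by everyone with `get` on that resource, so the token should be rotated once it has been moved out of the manifest.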

shardulsrivastava commented 3 months ago

I would like to work on this issue, can you please assign it to me, @JorTurFer?

JorTurFer commented 3 months ago

Nice! Thanks for your help 😄 As this issue has been there for a long time, we should support both ways at the same time to follow the deprecation policy. Basically, you have to add support to read the value from a secret OR the current approach (and we can eventually remove support for the current approach after some versions).

dttung2905 commented 2 months ago

Hello @shardulsrivastava, are you working on it? If not, I can give it a try too.

shardulsrivastava commented 2 months ago

@dttung2905 I am working on this right now.