open-horizon / anax

Horizon agent control system
https://open-horizon.github.io/docs/anax/docs/
Apache License 2.0

Feature Request: allow HashiCorp Vault connection and configuration parameters to be configurable #4042

Open t-fine opened 2 months ago

t-fine commented 2 months ago

Is your feature request related to a problem? Please describe.

Due to the limited configurability of the secrets manager parameters, I am unable to use the desired external HashiCorp Vault I have provisioned. IBM Secrets Manager does not allow users to modify the default plugin path auth/ibmcloud, and the agbot similarly does not allow me to modify the default plugin path of auth/openhorizon, making it impossible for the agbot to log in to the secrets manager. Additionally, the agbot attempts to initially log in to the external secrets manager instance using the values stored in Exchange ID and Exchange token. If those are populated as-is, the agbot cannot log in to the SM instance, and if they are modified, the agbot cannot contact the exchange.

Describe the solution you'd like.

I would like the v1/auth/openhorizon/login path to be configurable, at least the openhorizon bit, so it could be substituted with ibmcloud if needed. Also, added configuration values in the Vault config options to allow a user to set the vault token used to log in to the SM without interfering with the exchange token value, or perhaps not relying on the exchange token value to log in to the SM instance at all if a vault token is provided. Within the agbot config is a vault config that could perhaps be expanded to include a plugin path name and a token.

https://github.com/open-horizon/anax/blob/6c8119452e7acd7f5b1cec4da1a96a3969e9cbdf/config/config.go#L139

Describe alternatives you've considered

No response

Additional context.

No response
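
The following Go example is added here and is not part of the issue or of anax's own code: it shows one way a configurable auth mount and an optional dedicated Vault token, as the request describes, could be represented and validated. The type VaultAuthConfig, its field names, the single-segment restriction on the mount name, and the sample URL and token are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// VaultAuthConfig is a hypothetical extension of the agbot Vault settings;
// none of these field names are taken from anax.
type VaultAuthConfig struct {
	VaultURL      string // base URL of the secrets manager
	AuthMountPath string // auth plugin mount, e.g. "openhorizon" or "ibmcloud"
	VaultToken    string // optional Vault token, separate from the Exchange token
}

// Assumption of this example: the mount is a single path segment, so a config
// value cannot steer the login request to another API path ("../", "/", "?").
var mountRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$`)

// LoginURL builds <VaultURL>/v1/auth/<mount>/login, defaulting the mount to
// "openhorizon" when none is configured.
func (c VaultAuthConfig) LoginURL() (string, error) {
	mount := c.AuthMountPath
	if mount == "" {
		mount = "openhorizon"
	}
	if !mountRe.MatchString(mount) {
		return "", fmt.Errorf("invalid auth mount path %q", mount)
	}
	return strings.TrimRight(c.VaultURL, "/") + "/v1/auth/" + mount + "/login", nil
}

// CredentialSource reports which credential would be presented: a configured
// Vault token if there is one, otherwise the Exchange ID/token login.
func (c VaultAuthConfig) CredentialSource() string {
	if c.VaultToken != "" {
		return "vault-token"
	}
	return "exchange-login"
}

func main() {
	// Constructed sample values, not a real endpoint or token.
	cfg := VaultAuthConfig{VaultURL: "https://vault.example.com:8200/",
		AuthMountPath: "ibmcloud", VaultToken: "constructed-token"}
	url, err := cfg.LoginURL()
	fmt.Println(url, err, cfg.CredentialSource())
}
```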