Closed lego963 closed 1 year ago
@gtema what do you think?
how do you want to use public_key? In general it is a security feature not to ever leak root password out of vault and I would not try to add it somehow
Only vault knowns password after rotate
payload.json
{
...
"public_key_path": "/home/admin/vault" #or content
}
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/openstack/clouds/example-cloud
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
http://127.0.0.1:8200/v1/openstack/pwd/example-cloud
response
{
"password": <encrypted with public key>
}
With policy we can restrict access to this path
Description
Currently if pwd is rotated we won't see
new
password. When creatingroot_cloud
, specify the public key so that you can get it encrypted later.