sabre1041 / cloudnativesecuritycon-workload-identity-tutorial

Demystifying and Enabling Workload Identity Across the Cloud Native Ecosystem Tutorial

why not directly use Vault's Dynamic database credential for your case? #10

Open hixichen opened 3 months ago

hixichen commented 3 months ago

https://developer.hashicorp.com/vault/docs/secrets/databases/mysql-maria

hixichen commented 3 months ago

https://www.hashicorp.com/blog/vault-1-17-brings-wif-est-support-for-pki-and-more

Workload Identity Federation (WIF) for AWS, Azure, and Google Cloud

Workload Identity Federation (WIF) presents an opportunity to eliminate concerns around providing security credentials to Vault plugins. Using this new support for WIF, a trust relationship can be established between an external system and Vault's identity token provider to access the external system. This enables secretless configuration for plugins that integrate with external systems such as AWS, Azure, and Google Cloud. For example, a Vault-minted identity token can be exchanged for AWS credentials provided there is a trust relationship between Vault and AWS. By enabling secretless configuration, organizations reduce security concerns from using long-lived and highly privileged security credentials.
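To make the two options in this thread concrete, the following Terraform configuration (added here as an illustration; it is not part of the tutorial repository and not the commenter's own code) sets up both the dynamic MySQL credentials linked in the first comment and the Vault 1.17 AWS secrets engine configured for WIF as described in the quoted blog post. Hostnames, the account ID, role names, the audience string and the MySQL grants are placeholders; the Vault-side attribute names follow the Terraform Vault provider's `vault_database_secret_backend_*` and `vault_aws_secret_backend` resources, and the Vault plugin-token issuer URL is the one documented for plugin identity tokens (verify both against your provider and Vault versions).

```hcl
# --- Option A: dynamic MySQL credentials (what the issue proposes) ---
# Vault still holds one privileged MySQL credential to create users with;
# rotate it after bootstrap so nobody else keeps the original value:
#   vault write -f database/rotate-root/mysql
resource "vault_mount" "db" {
  path = "database"
  type = "database"
}

resource "vault_database_secret_backend_connection" "mysql" {
  backend       = vault_mount.db.path
  name          = "mysql"
  allowed_roles = ["app-readonly"] # only this role may mint creds from this connection

  mysql {
    connection_url = "{{username}}:{{password}}@tcp(mysql.internal:3306)/" # placeholder host
    username       = "vault-admin"                                          # placeholder
    password       = var.mysql_vault_admin_password                          # supplied out of band
  }
}

resource "vault_database_secret_backend_role" "app_readonly" {
  backend = vault_mount.db.path
  name    = "app-readonly"
  db_name = vault_database_secret_backend_connection.mysql.name
  # Each read of database/creds/app-readonly creates a fresh, least-privilege user.
  creation_statements = [
    "CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';",
    "GRANT SELECT ON app.* TO '{{name}}'@'%';", # placeholder grant
  ]
  default_ttl = 3600  # 1 hour; the user is dropped when the lease expires
  max_ttl     = 86400
}

# --- Option B: AWS secrets engine with WIF (the blog post's "secretless" plugin config) ---
# No access key is stored in Vault. Vault signs an identity token with the given
# audience; AWS trusts Vault's issuer and exchanges that token for STS credentials
# via the role below, which the engine then uses to issue per-workload credentials.
resource "vault_aws_secret_backend" "aws" {
  path                      = "aws"
  region                    = "us-east-1"
  identity_token_audience   = "vault.example.com" # placeholder; must match the IAM trust condition
  identity_token_ttl        = 600
  role_arn                  = "arn:aws:iam::123456789012:role/vault-secrets-engine" # placeholder account/role
  default_lease_ttl_seconds = 1800
  max_lease_ttl_seconds     = 3600
}

resource "vault_aws_secret_backend_role" "app_s3_reader" {
  backend         = vault_aws_secret_backend.aws.path
  name            = "app-s3-reader"
  credential_type = "assumed_role"
  role_arns       = ["arn:aws:iam::123456789012:role/app-s3-reader"] # placeholder
}

# AWS side of the trust relationship (placeholder values throughout).
# Issuer is Vault's plugin identity token endpoint, reachable over HTTPS by AWS.
resource "aws_iam_openid_connect_provider" "vault" {
  url             = "https://vault.example.com/v1/identity/oidc/plugins"
  client_id_list  = ["vault.example.com"] # must equal identity_token_audience above
  thumbprint_list = [var.vault_issuer_ca_thumbprint]
}

resource "aws_iam_role" "vault_secrets_engine" {
  name = "vault-secrets-engine"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Federated = aws_iam_openid_connect_provider.vault.arn }
      Action    = "sts:AssumeRoleWithWebIdentity"
      Condition = {
        StringEquals = {
          "vault.example.com/v1/identity/oidc/plugins:aud" = "vault.example.com"
        }
      }
    }]
  })
}
```

Two caveats worth keeping in mind when comparing the options. Option A removes long-lived database passwords from workloads, but Vault itself still keeps a privileged MySQL credential (hence the root-rotation step), whereas option B removes the long-lived cloud credential from the plugin entirely. In both cases the workload must still prove its identity to Vault before it can read `database/creds/...` or `aws/creds/...`, typically through the Kubernetes or JWT auth method; that workload-to-Vault leg is the part this tutorial's workload identity material addresses, so the two approaches are complementary rather than interchangeable.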