integration with AWS Secret Manager for api-keys

[bcollard]

Basically, what we’re looking for is a way to validate different API keys on the same route without saving all keys statically in k8s (as k8s secrets). What we would like to achieve is API key validation based on a given header (e.g. tenant header).

Example:

• A Client sends a request with two headers: tenant (e.g. tenant-x) and api-key.
• Gloo reaches to a secret manager (i.e. AWS secrets manager) and seeks a secret containing the api-key for tenant-x.
• Gloo compares the secret sent by the client with the one it fetched from the secret manager.

[jon-walton]

@bcollard and azure key vault, if possible

the resulting tenant / api-key would need caching for x seconds

[github-actions[bot]]

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.