spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

Re-authentication #729

Closed HelenLorenzo closed 3 weeks ago

HelenLorenzo commented 3 weeks ago

Good morning. Since the token obtained in a principal vault through authentication is not valid for a Vault-PR instance, I would like to know if there is currently any mechanism in the framework that allows you to force re-authentication. Thank you.

mp911de commented 3 weeks ago

What is a Vault-PR instance? Care to elaborate on the scenario regarding what you're trying to achieve and what isn't working?

Generally, Spring Vault drops the login (session) token and re-logins when the session token expires. All authentication happens typically against the same server/cluster.

HelenLorenzo commented 3 weeks ago

Vault-PR instance = Performance Replication. (Enterprise license HashiCorp Vault)

In this scenario, the token has not expired; it is simply not valid for the Vault performance replication instance. Therefore, we must force it to re-authenticate.

mp911de commented 3 weeks ago

Thanks for the detail. Spring Cloud Vault has no information on cluster changes; hence, we don't know about expiry by promoting a secondary to a primary.

HelenLorenzo commented 3 weeks ago

Sorry, the PR instance doesn't need promotion. You always have PR instances and primary instances. It's not a DR instance. In any case, is it possible to force re-authentication with Vault through spring-cloud-vault?

mp911de commented 3 weeks ago

You can call LifecycleAwareSessionManager.revoke to revoke the current session token. After that call, Spring Vault will re-authenticate. However, revoking the token will also revoke all leases.

HelenLorenzo commented 3 weeks ago

Thank you. But it is not possible to directly access the LifecycleAwareSessionManager object of the vaultTemplate, right? I wouldn't want to lose the automatic session management that Spring provides. Is there no way to force re-authentication without having to lose Spring's management of sessions?

HelenLorenzo commented 3 weeks ago

I have it. Thank you for your help.