Open LordFPL opened 6 years ago
I'm pretty sure with a minimum of devops skills you can wrap ROR deployment and hook the decoded secrets into environmental variables, which are by the way supported in readonlyrest.yml.
What do you think?
@LordFPL or did you mean implementing vault as a runtime authentication connector like we have LDAP?
Hello,
Sorry for the late answer. Yes, I mean a runtime authentication like LDAP. I actually run an Elasticsearch cluster with Nomad, and all config is already taken via Vault (readonlyrest.yml and the Elasticsearch config file are generated via dynamic vars). My main "problem" (it's not a very critical problem ;)) is that the two main auths in readonlyrest are not totally satisfying me... login/pass in conf is too static... and LDAP is mainly (IMHO) for "humans". I already use Vault for other usage, and I love the AppRole method for apps, and all the possible auditing with it. That's why I ask your opinion about this future feature :)
Thx for your time and all you have already done :)
Got it, and it's quite an interesting idea. Too bad I didn't find any asynchronous Vault library for Java. 🤦🏻♂️
In my case, I can find a solution with a watch for changes in Vault... and regenerate the readonlyrest config... but if I understand well, hot reload is not possible?
For information, I read a post on the HashiCorp page about an integration with JWT (https://www.hashicorp.com/blog/secure-kubernetes-deployments-vault-banzai-cloud)... but I'm not a developer... and I don't understand JWT tokens well...
In any case, thx for reading :)
Hello, we use Vault (HashiCorp) more and more in our company, and I wonder if an integration of this type is planned? I am starting to test authentications under readonlyrest, and am a bit embarrassed on the password side with the two main ones:
Vault on the other hand, from my point of view, will allow:
For now LDAP authentication will in any case allow us to do many things (thank you for this plugin! :)), but I'll be curious to know your opinion on this possible evolution.
Thx in advance.