Open PuneetPunamiya opened 6 months ago
Agreed. We should make this a secret ref (though for backwards compatibility probably needs to be a new field)
@lcarva did you propose signers.kms.auth.token-path
as a fix for this issue?
@lcarva did you propose
signers.kms.auth.token-path
as a fix for this issue?
I believe @PuneetPunamiya did during one of the Chains WG meeting. There was unanimous agreement among the Chains maintainers IIRC.
ack, sounds good :) i agree with the solution and it solves similar issues as users are facing with MONGO_SERVER_URL
rotation (like you said already 😛)
Feature request
As of today vault token is supplied via the
signers.kms.kmsref.auth.token
field which is not very ideal as it stores the token in clear textThis can also be true for other tokens as well