HashiCorp might be the next one if there is enough interest in it.
At this point, we need to have something simple and useful in place so that
we can also test with it. This is the purpose of the Kubernetes / file-based
plaintext vault. There could be space for one more OOTB implementation like
HashiCorp. Feel free to comment on pros/cons just the same as we have with
Elytron Vault earlier in this thread.
--Hynek
On Tue, Aug 13, 2019 at 3:00 PM Pedro Igor Silva <psilva(a)redhat.com> wrote:
On Mon, Aug 12, 2019 at 11:43 PM Sebastian Laskawiec <slaskawi(a)redhat.com> wrote:
> Writing anything by a running Pod is very tricky. In theory you could use a
> Persistent Volume but this doesn't work with Secrets very well. So at least
> in Kubernetes/OpenShift scenario, having a read-only vault and delegating
> manipulating vault's secrets to the environment is the most natural way to
> tackle this.
>
It seems that a lot of people are using the Vault by HashiCorp to manage
k8s/app sensitive data such as credentials. How useful would a file-based vault
be if you are already using HashiCorp?
I think there is ongoing work in Quarkus to support HashiCorp's Vault.
Maybe it is worth considering it or maybe wait for KC.Next :)
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev