[keycloak-dev] File-based Vault implementation

Hynek Mlnarik hmlnarik at redhat.com
Tue Aug 13 10:00:54 EDT 2019


HashiCorp might be the next one if there is enough interest in it.

At this point, we need to have something simple and useful in place so that
we can also test with it. This is the purpose of the Kubernetes / file-based
plaintext vault. There could be space for one more OOTB implementation like
HashiCorp. Feel free to comment on pros/cons just the same as we have with
Elytron Vault earlier in this thread.

--Hynek

On Tue, Aug 13, 2019 at 3:00 PM Pedro Igor Silva <psilva at redhat.com> wrote:

> On Mon, Aug 12, 2019 at 11:43 PM Sebastian Laskawiec <slaskawi at redhat.com>
> wrote:
>
> > Writing anything by a running Pod is very tricky. In theory you could use a
> > Persistent Volume but this doesn't work with Secrets very well. So at least
> > in Kubernetes/OpenShift scenario, having a read-only vault and delegating
> > manipulating vault's secrets to the environment is the most natural way to
> > tackle this.
> >
>
> It seems that a lot of people are using the Vault by HashiCorp to manage
> k8s/app sensitive data such as credentials. How useful would a file-based
> vault be if you are already using HashiCorp?
>
> I think there is ongoing work in Quarkus to support HashiCorp's Vault.
> Maybe it is worth considering it or maybe wait for KC.Next :)