Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hashicorp Vault folder configuration #4384

Closed
saschaisele-zf opened this issue Jul 31, 2024 Discussed in #4375 · 1 comment · Fixed by #4385
Closed

Hashicorp Vault folder configuration #4384

saschaisele-zf opened this issue Jul 31, 2024 Discussed in #4375 · 1 comment · Fixed by #4385
Assignees
@saschaisele-zf
Labels
enhancement New feature or request

Comments

@saschaisele-zf
Copy link
Contributor

Discussed in #4375

Hashicorp Vault folder configuration

This proposal aims to introduce the possibility to configure dedicated folders inside Hashicorp Vault as secret storage.

Why is it desired?

Administration

Having the option to sort the relevant secrets for multiple EDC instances in folders, enables an orderly structure inside Hashicorp Vault.

In this way, administration is made easier and less frustrating.

Security

If you are using multiple instances of the EDC and/or other applications/services/components together with a single Hashicorp Vault instance, it is undesirable to have all the secrets accessible to everyone.

With the possibility to configure a folder for each EDC, every instance of the EDC can be separated in what secrets it can access.

This increases security.

Affected Areas

Hashicorp Vault extension

Solution Proposal

Introduce the optional configuration value edc.vault.hashicorp.folder.

If this value is set, the method getSecretUrl inside HashicorpVaultClient.java adds the folder to the URL that is generated.

With this, all operations will happen in the files of the folder instead.
@github-actions github-actions bot added the triage all new issues awaiting classification label Jul 31, 2024
@saschaisele-zf saschaisele-zf mentioned this issue Jul 31, 2024
Merged
@ndr-brt ndr-brt added enhancement New feature or request and removed triage all new issues awaiting classification labels Aug 14, 2024
@github-actions GitHub Actions
Copy link

This issue is stale because it has been open for 28 days with no activity.

@github-actions github-actions bot added the stale Open for x days with no activity label Sep 12, 2024
@ndr-brt ndr-brt removed the stale Open for x days with no activity label Sep 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@saschaisele-zf saschaisele-zf

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(vault): implements custom secret folder config saschaisele-zf/EDC-Connector
2 participants
@ndr-brt @saschaisele-zf