alibaba-cloud-sdk-go icon indicating copy to clipboard operation
alibaba-cloud-sdk-go copied to clipboard

Published 20 hours ago verified publisher icon aliyun

Allow to use an arbitrary credential provider endpoint

Open hixichen opened this issue 4 years ago • 4 comments

What is expected:

export ALICLOUD_CREDENTIALS_URI=https://xyz:1234/path/to/creds

Why:

  • In multi/hybrid cloud world, external creds provider is needed.
  • Let the SDK to handle the key rotation work instead of service itself.

Refer: https://github.com/aws/aws-sdk-go-v2/issues/451

hixichen avatar Dec 11 '19 21:12 hixichen

Thanks for your advice. You can use Credentials File to manage your credentials .

wenzuochao avatar Dec 16 '19 06:12 wenzuochao

I will close this issue without your reply in three days. If you have other problems, welcome to reopen this issue or open a new issue.

wenzuochao avatar Dec 26 '19 10:12 wenzuochao

Hi @hixichen could you provide some use cases?

JacksonTian avatar Dec 30 '19 09:12 JacksonTian

+1 for this feature.

One use case:

The server of ALICLOUD_CREDENTIALS_URI will exposes the credential data to containers inside or outside of ECS hosts, allowing you to provide scoped IAM roles to individual containers, rather than giving them the full IAM permissions of an IAM role or IAM user. Refer: https://github.com/lyft/metadataproxy

mozillazg avatar Feb 04 '20 02:02 mozillazg