components-contrib

Hashicorp Vault Secret Store - To support cert. rotation and renewals

Open Radhikabollineni opened this issue 2 years ago • 2 comments

Hashicorp Vault Secret store is in Alpha state that supports storing the secrets. The ask is to certify the component to GA supporting certificate renewals.

Radhikabollineni avatar Jul 07 '22 11:07 Radhikabollineni

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.

dapr-bot avatar Aug 06 '22 12:08 dapr-bot

Hi,

Please consider a scenario where a microservice is connected to Hashicorp Vault using Dapr and a database. Hashicorp Vault is managing the database credentials (static role for this scenario), and the microservice gets the credentials from Dapr (by Vault), creates a connection pool to connect to the database using those credentials, and performs the operation. Suppose a password rotation is performed by Vault, the database password is changed, and Vault also rotates its credentials. This scenario won't affect the microservice when it creates a new connection pool, as it will fetch the credentials from Vault. However, the old pool will still be in the active state with the old credentials, so it will try to create a new connection and get an exception, as the credentials are old and not updated. There is a need for some mechanism to inform the microservice to nullify the pool / pool credentials on password rotation at the database through Vault, i.e. if there is an update of the password / lease at Vault, then Dapr should trigger some event back to the microservice to inform it that an update of the password / lease happened at Vault and the database, so the microservice can also refresh / nullify the current connection pool.

vivekthakur-ai avatar Aug 26 '22 08:08 vivekthakur-ai
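
The stale-pool scenario from the comment above, handled on the microservice side, as an added example that is not part of the thread or of Dapr's code: the pool treats a rejected credential as a rotation signal, refetches the secret and rebuilds. `RotatingPool`, `Fetch`, `Dial` and the passwords are hypothetical stand-ins (no real Dapr or database call is made), and locking is omitted.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrAuth is returned when even a freshly fetched credential is rejected.
var ErrAuth = errors.New("database rejected current credential")

// RotatingPool caches a secret-store password and discards it, along with
// the connections built from it, as soon as the database rejects it.
type RotatingPool struct {
	Fetch      func() (string, error) // hypothetical: read the secret via Dapr
	Dial       func(pw string) bool   // hypothetical: true if the DB accepts pw
	password   string
	Generation int // incremented on every pool rebuild
}

// Acquire connects, refetching the credential once after a rejection.
func (p *RotatingPool) Acquire() error {
	for attempt := 0; attempt < 2; attempt++ {
		if p.password == "" {
			pw, err := p.Fetch()
			if err != nil {
				return fmt.Errorf("fetch secret: %w", err)
			}
			p.password, p.Generation = pw, p.Generation+1
		}
		if p.Dial(p.password) {
			return nil
		}
		p.password = "" // stale after rotation: drop it and the old pool
	}
	return ErrAuth
}

// demoRotation rotates a constructed password between two Acquire calls.
func demoRotation() (int, int, bool) {
	current := "pw-v1" // constructed value shared by "Vault" and "database"
	p := &RotatingPool{Fetch: func() (string, error) { return current, nil }}
	p.Dial = func(pw string) bool { return pw == current }
	ok1 := p.Acquire() == nil
	before := p.Generation
	current = "pw-v2" // rotation happens; the pool still caches pw-v1
	ok2 := p.Acquire() == nil
	return before, p.Generation, ok1 && ok2
}

func main() { fmt.Println(demoRotation()) }
```

Without a rotation event from the secret store, the first connection attempt after a rotation still fails once before the pool recovers.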

Tagged for 1.10

rabollin avatar Sep 26 '22 04:09 rabollin

> Tagged for 1.10

We do not tie certification efforts to a particular milestone. Also, certifying this component for GA does not require certificate renewals. These are two separate things.

yaron2 avatar Sep 26 '22 05:09 yaron2

/assign

rabollin avatar Sep 29 '22 15:09 rabollin

👋

mukundansundar avatar Oct 29 '22 15:10 mukundansundar

The certification of Hashicorp to stable is being handled by another issue; this one will be targeted to enable the Hashicorp Vault supporting cert. / password renewals and publishing an event when renewal takes place.

@mukundansundar - can you help update the issue description to - Feature request to support password / cert. renewals and publish the notification / event when change takes place in Hashicorp Vault secret store.

rabollin avatar Nov 17 '22 12:11 rabollin

> The certification of Hashicorp to stable is being handled by another issue; this one will be targeted to enable the Hashicorp Vault supporting cert. / password renewals and publishing an event when renewal takes place.
>
> @mukundansundar - can you help update the issue description to - Feature request to support password / cert. renewals and publish the notification / event when change takes place in Hashicorp Vault secret store.

Done

mukundansundar avatar Nov 17 '22 13:11 mukundansundar

//comment

rabollin avatar Dec 17 '22 13:12 rabollin

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as pinned, good first issue, help wanted or triaged/resolved. Thank you for your contributions.

github-actions[bot] avatar Jan 23 '23 13:01 github-actions[bot]

//comment

rabollin avatar Jan 23 '23 13:01 rabollin

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as pinned, good first issue, help wanted or triaged/resolved. Thank you for your contributions.

github-actions[bot] avatar Mar 01 '23 15:03 github-actions[bot]