
Add support for Microsoft Azure Key vault

Open ahmedmus-1A opened this issue 4 years ago • 5 comments

Hi Team,

It is mentioned in the Operator README that Azure KV is planned to be delivered, so I am really curious to know if there are any expected timelines set for delivering this backend. If not yet, is there any sort of "Guidelines" to add any backend to be supported by the secret-manager operator?

Thanks a lot.

ahmedmus-1A avatar Oct 12 '20 12:10 ahmedmus-1A

Morning @ahmedmusAmadeus. We don't have any timelines, and are getting to things when we have a moment to breathe from regular work stuff haha. If you want to contribute you are more than welcome to! We will go over any concerns in the MR.

dirtycajunrice avatar Oct 12 '20 15:10 dirtycajunrice

Thanks @DirtyCajunRice for your response, it's totally understandable. Yes, I am very enthusiastic to contribute and use your operator with Azure KV. However, can we have at least some sort of contribution guide on how to inject a new Backend into the project? Something like what's described here. I think this documentation enhancement will help a lot of contributors to add different backends (not only Azure KV).

ahmedmus-1A avatar Oct 13 '20 09:10 ahmedmus-1A

We will work on adding that documentation, that seems valuable to have available for new contributors.

Adding a new backend would look like:

  • Adding the fields to the SecretStore spec (AWS as an example)
  • Implementing the StoreFactory interface to allow creation of the SecretStore backend and the StoreClient interface for fetching ExternalSecrets (interfaces)
  • Registering the Store when a SecretStore resource is using the backend (registration)

This is still a pretty new project and we are still in-progress on docs and the initial functionality (https://github.com/itscontained/secret-manager/issues/55 as an example).

mcavoyk avatar Oct 13 '20 17:10 mcavoyk
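The three steps listed in the comment above, as an added Go sketch that is not code from secret-manager or external-secrets. The interface shapes, the `AzureKVSpec` fields, the `Register` and `ClientFor` helpers, the https check and the in-memory vault with its sample secret are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Step 1: backend fields on the store spec (hypothetical; other backends omitted).
type AzureKVSpec struct{ VaultURL string }
type SecretStoreSpec struct{ AzureKV *AzureKVSpec }

// Step 2: simplified stand-ins for the StoreClient and StoreFactory interfaces.
type StoreClient interface{ GetSecret(name string) ([]byte, error) }
type StoreFactory interface{ New(spec SecretStoreSpec) (StoreClient, error) }

// azureKV is an in-memory stand-in for a real Key Vault client (constructed data).
type azureKV struct{ data map[string]string }

func (c azureKV) GetSecret(name string) ([]byte, error) {
	if v, ok := c.data[name]; ok {
		return []byte(v), nil
	}
	return nil, fmt.Errorf("azurekv: secret %q not found", name)
}

type azureKVFactory struct{ seed map[string]string }

// New validates the spec before a client exists, so a bad store never fetches.
func (f azureKVFactory) New(spec SecretStoreSpec) (StoreClient, error) {
	if spec.AzureKV == nil || !strings.HasPrefix(spec.AzureKV.VaultURL, "https://") {
		return nil, errors.New("azurekv: an https vaultURL is required")
	}
	return azureKV{data: f.seed}, nil
}

// Step 3: registration, then dispatch on which spec field is set.
var registry = map[string]StoreFactory{}

func Register(name string, f StoreFactory) { registry[name] = f }

func ClientFor(spec SecretStoreSpec) (StoreClient, error) {
	if f, ok := registry["azurekv"]; ok && spec.AzureKV != nil {
		return f.New(spec)
	}
	return nil, errors.New("no registered backend matches the SecretStore spec")
}

func main() {
	Register("azurekv", azureKVFactory{seed: map[string]string{"db-password": "example-value"}})
	c, err := ClientFor(SecretStoreSpec{AzureKV: &AzureKVSpec{VaultURL: "https://example.vault.azure.net"}})
	fmt.Println(c != nil, err)
}
```

A spec that selects no registered backend, or one that fails the factory's validation, returns an error instead of a client, so the caller never falls back to a different store.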

Hello, we have implemented the Azure KeyVault back-end for this operator. Only tests are still missing, but we have plans to make them in the coming weeks. However, given this answer https://github.com/itscontained/secret-manager/issues/83#issuecomment-758810751 it looks like we may rather use our time to contribute our implementation to the new merged https://github.com/external-secrets/external-secrets.

What do you think? Where should we spend our energy?

Cc: @ahmedmusAmadeus

ghost avatar Jan 15 '21 15:01 ghost

@snowfix-1a I would recommend contributing the Azure KeyVault backend to https://github.com/external-secrets/external-secrets; the backend interfaces between this project and external-secrets are identical.

mcavoyk avatar Jan 15 '21 17:01 mcavoyk