
Parameterstore

Open jmahowald opened this issue 7 years ago • 6 comments

AWS Parameter Store (SSM) has native support for "SecureString" types. This ends up being easier to integrate in to get the actual root token if another process needs it for vault provisioning. I debated changing just the actual logic of the KMS store, but figured it's less impactful downstream if I just created a new mode.

jmahowald Oct 20 '17 20:10

Thanks for your PR @jmahowald. Sorry that it took a while. I am having this issue when I am trying to run the CI tests: (Sorry these are not yet publicly accessible)

```
FAIL    github.com/jetstack/vault-unsealer/pkg/kv/aws_param     0.894s
--- FAIL: TestAWSIntegration (0.69s)
        aws_ssm_test.go:55: Unexpected error storing value in SSM kv: key '%s' not found
        aws_ssm_test.go:59: Unexpected decrypt output: exp=payload123 act=
```

simonswine Nov 23 '17 12:11

@jmahowald tried your branch, it works perfectly with parameters store.

danaps Jan 15 '18 09:01

+1 for using SecureStrings without any base64 encoding in parameter store. @simonswine - can we help get this merged?

davidholsgrove Mar 26 '18 05:03

@simonswine is this being tracked?

raoofm Jun 21 '18 19:06

/cc @munnerz

raoofm Jun 21 '18 19:06

@jmahowald: PR needs rebase.


jetstack-bot Apr 09 '19 09:04