Develop interface to Hashicorp Vault Secrets #1647

Closed
hnamazianeu opened this issue Jan 9, 2023 · 3 comments
Labels
IEU Intellect EU Team

Comments

@hnamazianeu

Problem description

This user story is intended to develop a class (or classes), to be commonly used by other classes, that, having been provided credentials, facilitates interacting with Hashicorp Vault Secret Manager in order to perform CRUD operations over the stored key/value pairs. This class requires credentials and an API key to access Hashicorp Vault Secret Manager. In return, the class provides CRUD operations over key/value pairs.

Definition of done

The HcpVaultSecretManager class will take a configuration object including the target region, the credentials to access the repository, etc., and in return provide CRUD operations over key/value pairs. The functionalities required to be implemented by the class are:

  • GetValueByKey: given a key, fetches and returns its value if it exists, otherwise throws an error
  • ImportKeyValue: given an array of key/value pairs, imports them into the storage if the key does not exist, otherwise throws an error
  • UpdateValue: given a key and a new value, replaces the value with the new one if the key exists, otherwise throws an error
  • DeleteKeyValue: given a key, removes the key/value pair from the storage if the key exists, otherwise throws an error

Acceptance criteria

Having been passed the configuration, the class provides an interface to the Hashicorp Vault Secret Manager repository with CRUD operations over key/value pairs. The class functionalities mentioned in the DoD must be tested successfully in both ideal and failure scenarios.

@prernaadev01 prernaadev01 added the IEU Intellect EU Team label Jan 9, 2023
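
An added sketch (not part of the original issue and not Guardian's code) of how the four operations in the Definition of done could map onto Vault's KV v2 HTTP API, using check-and-set so the "only if absent" and "only if present" rules are enforced by Vault itself. The class shape, option names, the injectable `fetchImpl` and the `value` field are assumptions of this example.

```javascript
// Added sketch, not Guardian code: the four operations from the issue mapped onto
// Vault's KV v2 HTTP API. Option names, `fetchImpl`, and storing each value under a
// "value" field are assumptions of this example. Keys are single path segments.
class HcpVaultSecretManager {
  constructor({ address, token, mount = 'secret', fetchImpl = globalThis.fetch }) {
    this.address = address;
    this.mount = mount;
    // Closures keep the token and transport off the instance, so logging or
    // serializing the object does not expose the token.
    this.send = (url, init) =>
      fetchImpl(url, { ...init, headers: { 'X-Vault-Token': token, 'Content-Type': 'application/json' } });
  }

  async call(method, kind, key, body) {
    const url = `${this.address}/v1/${this.mount}/${kind}/${encodeURIComponent(key)}`;
    const res = await this.send(url, { method, body: body && JSON.stringify(body) });
    if (res.status === 404) throw new Error(`key not found: ${key}`);
    // A failed check-and-set (key exists, or version changed) comes back as 400.
    if (!res.ok) throw new Error(`Vault returned ${res.status} for ${method} ${kind}/${key}`);
    return res.status === 204 ? null : res.json();
  }

  async getValueByKey(key) {
    return (await this.call('GET', 'data', key)).data.data.value;
  }

  // cas: 0 makes Vault accept the write only if the key does not exist, so
  // "create only" is enforced server-side with no read-then-write race.
  // The batch is not atomic: pairs before a failing one stay imported.
  async importKeyValue(pairs) {
    for (const [key, value] of pairs) {
      await this.call('POST', 'data', key, { options: { cas: 0 }, data: { value } });
    }
  }

  // Read the current version (404 if absent), then write with cas set to it, so
  // a concurrent change makes this update fail instead of being overwritten.
  async updateValue(key, value) {
    const { version } = (await this.call('GET', 'data', key)).data.metadata;
    await this.call('POST', 'data', key, { options: { cas: version }, data: { value } });
  }

  // Deleting the metadata path removes every version of the key permanently.
  async deleteKeyValue(key) {
    await this.call('GET', 'data', key); // throws if the key does not exist
    await this.call('DELETE', 'metadata', key);
  }
}
```

Passing a stub as `fetchImpl` lets the failure scenarios from the acceptance criteria (missing key, existing key, version conflict) be exercised without a running Vault.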
@voycey

voycey commented Jan 25, 2023

#1644 #1645 #1646 can all be handled by Vault itself; it shouldn't need to be set up externally, as this is core functionality of Vault itself

@hnamazianeu
Author

> #1644 #1645 #1646 can all be handled by Vault itself; it shouldn't need to be set up externally, as this is core functionality of Vault itself

Hashicorp Vault is the default option for Key/Secret Management, though there are cases where one prefers to use cloud solutions instead of Vault. We intend to provide a comprehensive solution, either a cloud-agnostic or a cloud-based one.

@voycey

voycey commented Jan 25, 2023

What I meant was that as Vault is used by default in Guardian it can be the nexus point to all of these secrets managers - think of it like a secrets proxy for whatever KMS / Secrets management system you want to use.
Then it's just a configuration option rather than a full implementation of cloud-specific code.

https://developer.hashicorp.com/vault/docs/secrets

For example, if you look at the various secrets engines here - there are around 23 that Vault handles natively. That means a single API to work with 20+ secrets managers
