bank-vaults/vault-sdk

Use Vault-supported official auth libraries

Closed this issue · 5 comments

Right now, we maintain code for a bunch of different auth providers.

It looks like some of those providers may be available under Vault itself: https://github.com/hashicorp/vault/tree/main/api/auth

Investigate if we can use those libraries to replace some of our code with officially maintained versions.

This might also be interesting: https://github.com/hashicorp/go-secure-stdlib/tree/main/awsutil

The packages under vault/api/auth could be useful indeed! Right now we are putting together a map with login data for each of the auth methods, and then we acquire the API secret by manually doing a write operation on the respective auth method's /login path. With this lib, the whole operation could be simplified by creating an *Auth object with some options and calling Login() on it, so we don't use the providers' SDKs or packages directly.

The latest Vault API includes auth libraries, and the current changes will be based on using these auth APIs instead of our own.

Meeting notes

  • Test against as many providers as possible (including Azure/GCP/AWS) with different authentication options
  • Ensure that Vault libraries we rely on are MPL licenced (all packages under api are MPL)

Notes

  • Get access to other environments (GCP + AWS) to test against

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.