Use Vault-supported official auth libraries
Closed this issue · 5 comments
Right now, we maintain code for a bunch of different auth providers.
It looks like some of those providers may be available under Vault itself: https://github.com/hashicorp/vault/tree/main/api/auth
Investigate if we can use those libraries to replace some of our code with officially maintained versions.
This might also be interesting: https://github.com/hashicorp/go-secure-stdlib/tree/main/awsutil
The packages under vault/api/auth could be useful indeed! Right now we are putting together a map with login data for each of the auth methods, and then we acquire the API secret by manually doing a write operation on the respective auth method's `/login` path. With this lib, the whole operation could be simplified by creating an `*Auth` object with some options and calling `Login()` on it, so we don't use the provider's SDKs or packages directly.
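The change this comment describes, sketched as an added example (not code from this project or from the Vault library): `writeLogin` is the manual write to an auth method's `/login` path, and `AppRoleAuth` is a hypothetical stand-in for a library-style auth object with a `Login()` method. All names, the choice of AppRole, and the local test server with its token are constructed for illustration; the real helpers are in the `vault/api/auth` packages linked in the issue.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// writeLogin is the manual approach: POST a login map to <mount>/login and read auth.client_token.
func writeLogin(addr, path string, data map[string]string) (string, error) {
	body, _ := json.Marshal(data) // a string map always marshals
	resp, err := http.Post(addr+"/v1/"+path, "application/json", bytes.NewReader(body))
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var out struct{ Auth struct{ ClientToken string `json:"client_token"` } }
	json.NewDecoder(resp.Body).Decode(&out) // a bad body leaves the token empty, rejected below
	if resp.StatusCode != http.StatusOK || out.Auth.ClientToken == "" {
		return "", fmt.Errorf("login at %s failed: %s", path, resp.Status)
	}
	return out.Auth.ClientToken, nil
}

// AppRoleAuth (hypothetical) owns the mount path and payload keys; callers set options and call Login.
type AppRoleAuth struct{ Mount, RoleID, SecretID string }

func (a AppRoleAuth) Login(addr string) (string, error) {
	return writeLogin(addr, "auth/"+a.Mount+"/login", map[string]string{"role_id": a.RoleID, "secret_id": a.SecretID})
}

// fakeVault is a constructed local server that mimics only the AppRole login reply.
func fakeVault() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/v1/auth/approle/login" {
			http.Error(w, `{"errors":["unsupported path"]}`, http.StatusNotFound)
			return
		}
		fmt.Fprint(w, `{"auth":{"client_token":"constructed-token"}}`)
	}))
}

func main() {
	srv := fakeVault()
	defer srv.Close()
	fmt.Println(AppRoleAuth{"approle", "constructed-role", "constructed-secret"}.Login(srv.URL))
}
```

With the typed object, the login path and payload field names live in one place per auth method, and a response without a client token is an error rather than an empty token handed to the caller.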
The latest Vault API includes auth libraries and the current changes will be based on using these auth APIs instead of our own
Meeting notes
- Test against as many providers as possible (including Azure/GCP/AWS) with different authentication options
- Ensure that Vault libraries we rely on are MPL licenced (all packages under `api` are MPL)
Notes
- Get access to other environments (GCP + AWS) to test against
Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the `stale` label will be automatically removed.