Crypt4GH secrets manager

Question

Crypt4GH secrets manager

Closed this issue a month ago · 3 comments

Instead of providing static paths resolving to secrets/keys for Crypt4gh, it should point to an endpoint that resolves to a key management service/server (HSM, HTTP endpoint, GitHub user.key, etc...)... like Elsa secrets provider (focusing on those that run on the server side, such as AWS Secrets Manager and just file-based for dev) /cc @andrewpatto .

Answer 1 · 2024-10-21T00:34:31.000Z

@mmalenic I believe you implemented most of this in #271 ? ... not a custom API endpoint but perhaps it's good enough for now?

Answer 2 · 2024-10-21T02:28:56.000Z

Yeah, it's probably okay for now. The Secrets Manager part is done, but it's not customizable beyond that.

Answer 3 · 2024-12-02T00:06:53.000Z

We can reopen once more complexity is needed then!