Support for HashiCorp Vault authentication using client certificates

Description

HashiCorp AppRole authentication is challenging to manage across so many clusters.

Client certificates can be much more easily managed because of cert-manager integration.

We can automatically generate Vault client certificates using cert-manager and use them to authenticate to vaults.

Like AppRole, this requires Vault configuration within each namespace to set up the TLS cert authentication and associated roles.

Ideally the Vault client certificate issuer will be set up to point to a shared PKI certificate authority, like HashiCorp Vault PKI, to make it even easier to manage.

 

Don't confuse the two roles of Vault described above.

The use of Vault for PKI is distinct from the use of Vault for secrets, which is what gets authenticated via these client certs.
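
A sketch of the setup described above, added here as an illustration and not taken from the project's own configuration: a cert-manager Issuer backed by the PKI Vault, a short-lived client Certificate, and (in comments) the TLS cert auth role on the secrets Vault. All names, hostnames, namespaces, mount paths and policies are assumed placeholders.

```yaml
# PKI Vault: only signs client certs. Hostname and mount path are placeholders.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: vault-client-issuer        # hypothetical name
  namespace: team-a                # hypothetical namespace
spec:
  vault:
    server: https://pki-vault.example.internal:8200
    path: pki_int/sign/vault-client      # <pki mount>/sign/<pki role>
    auth:
      kubernetes:
        role: cert-manager
        mountPath: /v1/auth/kubernetes
        serviceAccountRef:
          name: cert-manager-issuer      # short-lived token, no static secret
---
# Client certificate the workload presents to the *secrets* Vault.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: vault-client
  namespace: team-a
spec:
  secretName: vault-client-tls     # tls.crt / tls.key / ca.crt land here
  commonName: team-a.vault-client.example.internal
  duration: 24h                    # short lifetime limits the value of a stolen key
  renewBefore: 8h
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always         # new key on every renewal
  usages:
    - client auth                  # no server auth: cert is useless as a TLS server cert
  issuerRef:
    name: vault-client-issuer
    kind: Issuer
# Secrets Vault side (run once per role; pki-ca.pem is the PKI Vault's CA cert):
#   vault auth enable cert
#   vault write auth/cert/certs/team-a \
#       certificate=@pki-ca.pem \
#       allowed_common_names="team-a.vault-client.example.internal" \
#       token_policies="team-a-read" token_ttl=15m
# Pinning allowed_common_names matters with a shared CA: without it, any
# certificate that CA issues could log in to this role.
```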

Conclusion

None

Fixed

Details

Created October 1, 2023 at 6:00 PM
Updated October 5, 2023 at 10:11 AM
Resolved October 5, 2023 at 10:11 AM