Add vault-autounseal interface
#141
Conversation
DanielArndt
force-pushed
the
vault-transit-interface
branch
3 times, most recently
from
d49a9a8
to
ee40998
Compare
DanielArndt
force-pushed
the
vault-transit-interface
branch
from
ee40998
to
d6f1e18
Compare
|
|
||
| ## Limitations | ||
|
|
||
| In this iteration, many data points (mount path, key name) are implied, and not configurable. This is likely to change in future versions. |
There was a problem hiding this comment.
I understand why they may not be configurable but should the mount path not be written in the relation data so that the requirer knows it.
There was a problem hiding this comment.
Yes, I agree. It wasn't in the spec so I left that as a future improvement. But, if there's no discussion needed (i.e. you agree 😆 ) then it's easy to make that change here and in the implementation code.
That would remove some FIXME comments from the implementation too, which would be nice.
| jWpoal3C6/rrAL1auX0vhoOXZ3J3nYoypSYL1SgiKn8hHGLAq/FulOWTxHok7CLy | ||
| 4ZT7j4CUoxXdfuAZxQ+cnCyPkpL96y9XsDiescRInOkVAmw= | ||
| -----END CERTIFICATE----- | ||
| credentials_secret_id: secret://575cd150-f7c2-4710-88a3-3f33e14e867c/copsdgnmp25c77tkgke0 |
There was a problem hiding this comment.
We should probably explicitly state the various keys expected to be in this secret
| "description": "The address of the Vault server to connect to.", | ||
| "type": "string" | ||
| }, | ||
| "token_secret_id": { |
There was a problem hiding this comment.
Here we call it token_secret_id but in the example in the readme we call it credentials_secret_id
There was a problem hiding this comment.
This file was leftover from before the re-spec. It was a generated file so I didn't even notice it. Will remove.
Thanks for catching this.
There was a problem hiding this comment.
Why do we have both docs/json_schemas/vault_autounseal/v0/provider.json and docs/json_schemas/vault_transit/v0/provider.json files?
There was a problem hiding this comment.
oops, artifact of renaming the relation. Will remove. Good catch.
Creation of a new interface,
vault-autounseal, for making use of the Vaulttransitengine to autounseal another vault.