New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Artificial delay for eventually consistent secrets #271
Labels
enhancement
New feature or request
Comments
adrianmoisey
added a commit
to adrianmoisey/vault-secrets-operator
that referenced
this issue
Nov 22, 2023
Fixes hashicorp#271 Some services (such as AWS IAM) are eventually consistent and require some time between generating the secret, and using the secret. Without this delay our services can't access AWS for a short while immediately after the secret rotation happens.
adrianmoisey
added a commit
to adrianmoisey/vault-secrets-operator
that referenced
this issue
Nov 22, 2023
Fixes hashicorp#271 Some services (such as AWS IAM) are eventually consistent and require some time between generating the secret, and using the secret. Without this delay our services can't access AWS for a short while immediately after the secret rotation happens.
adrianmoisey
added a commit
to adrianmoisey/vault-secrets-operator
that referenced
this issue
Nov 22, 2023
Fixes hashicorp#271 Some services (such as AWS IAM) are eventually consistent and require some time between generating the secret, and using the secret. Without this delay our services can't access AWS for a short while immediately after the secret rotation happens.
adrianmoisey
added a commit
to adrianmoisey/vault-secrets-operator
that referenced
this issue
Jan 16, 2024
Fixes hashicorp#271 Some services (such as AWS IAM) are eventually consistent and require some time between generating the secret, and using the secret. Without this delay our services can't access AWS for a short while immediately after the secret rotation happens.
This bug is still hurting us. Is there any way it can be prioritised? I made a PR but it hasn't been looked at. |
ebdekock
pushed a commit
to ebdekock/vault-secrets-operator
that referenced
this issue
May 24, 2024
Fixes hashicorp#271 Some services (such as AWS IAM) are eventually consistent and require some time between generating the secret, and using the secret. Without this delay our services can't access AWS for a short while immediately after the secret rotation happens.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Some secrets (ie, AWS IAM) are eventually consistent and require a delay before they can be used.
Describe the solution you'd like
A method to introduce a delay before VSO writes secrets to Kubernetes
Describe alternatives you've considered
It may be possible to get the pods that consume VSO secrets to have a delay before attempting to use their secrets, but then logic needs to be build into each application. It may make sense for VSO to handle this delay, as it a central service/tool.
Additional context
To quote:
https://developer.hashicorp.com/vault/docs/secrets/aws#usage
The text was updated successfully, but these errors were encountered: