[Feature:Rancher-Metadata] Integration with Vault #4594
Labels
kind/feature
Issues that represent larger new pieces of functionality, not enhancements to existing functionality
Milestone
Comments
deniseschannon
added
the
kind/feature
|
Wait, wasn't metadata api quite weakly protected? |
|
Closing due to inactivity, please reopen if you think this is still relevant to current releases & important. I'm not sure populating data in metadata is wise as that is unprotected against all other containers in a given environment today. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is stemming from the 4/28 webcast and builds off #3138, #1269
The idea here would be to have an API that would allow a service to provide 3rd party data into the Rancher Metadata API at a container level, specifically vault.
This would allows services to be Vault agnostic, they would use their standard mechanisms for resolving data from the metadata API which would be populated with data from Vault or forward the request to Vault.
In this scenario, if I'm using
confdto template a file from the metadata API and Vault secret expires due to it's TTL, then the integration would reacquire the value and push the new value into the metadata API.This would trigger
confdto see a change in its source data, thereby re-templating the file with the new data.The text was updated successfully, but these errors were encountered: