Feature Request: Use HashiCorp Vault as a SPIRE Server KeyManager #5058

Open
InverseIntegral opened this issue Apr 11, 2024 · 3 comments · May be fixed by #5500
@InverseIntegral

We are currently using HashiCorp Vault as our UpstreamAuthority for our SPIRE setup and we would like to also use the Vault as a KeyManager. Therefore, we propose the addition of a new plugin that integrates Vault into the SPIRE ecosystem via a KeyManager plugin. This plugin could be applied to both the spire-server and the spire-agent. One thing that we should consider is whether Vault supports the appropriate key types that are used by SPIRE.

I would also be willing to implement such a plugin but I'm not quite sure where to get started.

@rturner3 rturner3 added the triage/in-progress Issue triage is in progress label Apr 11, 2024
@evan2645
Member

Thanks for opening this @InverseIntegral ❤️

I think there's a clear use case for Vault-based KeyManager on SPIRE Server. I took the liberty of updating this issue title to reflect that. Use case around SPIRE Agent plugin for this is a little more hazy to me, so I'd like to suggest you create a new issue for that if you're interested; there will probably be some questions there.

In terms of moving this contribution forward, the best resource will be the SPIRE channel in SPIFFE Slack. Post a message there that you're trying to author a plugin and someone can help. You can see current plugin implementations here and SDK containing the protos and utils for building out-of-tree plugins here

@evan2645 evan2645 changed the title Feature Request: Use HashiCorp Vault as a KeyManager Feature Request: Use HashiCorp Vault as a SPIRE Server KeyManager Apr 18, 2024
@evan2645 evan2645 added help wanted Issues with this label are ready to start work but are in need of someone to do it priority/backlog Issue is approved and in the backlog and removed triage/in-progress Issue triage is in progress labels Apr 18, 2024
@evan2645
Member

@InverseIntegral if you're still willing to carry this forward please let me know and I'll assign the issue to you. You can find me on SPIFFE slack as well. Thank you!! 🙏

@InverseIntegral
Author

@evan2645 Thanks for getting back to me. Yes, my intention was to implement this for the SPIRE server first. I've also thought about a use-case for a similar plugin for the SPIRE agent but that would require a separate issue. I would love to work on this once I'm back home from my extended holidays, so feel free to assign the issue to me 🙂 And thank you for the pointers to previous plugin implementations!

@evan2645 evan2645 removed the help wanted Issues with this label are ready to start work but are in need of someone to do it label Apr 26, 2024
InverseIntegral added a commit to InverseIntegral/spire that referenced this issue Aug 18, 2024
@InverseIntegral InverseIntegral linked a pull request Sep 18, 2024 that will close this issue