Vault extension: support for HashiCorp Vault

[Martin Feller <m....@auckland.ac.nz>]

Hi,

The documentation for retrieving secrets from a vault states “This support is intended with multiple vault providers in mind and currently supports Keeper Secrets Manager (KSM)”
Are there plans to support HashiCorp Vault as an additional provider?

Thanks,
Martin

Re: Vault extension: support for HashiCorp Vault

[Nick Couchman <vn...@apache.org>]

On Tue, Apr 18, 2023 at 10:24 PM Martin Feller <m....@auckland.ac.nz> wrote:
>
> Thanks for the quick reply, Nick.
>
>
>
> I thought it would be useful to have an option for integration with a vault that can be hosted on-premises, and is - or can be - free of charge.
>

Yes, definitely - I think adding support for other vaults is a great idea.

>
>
> I’ve done a lot of work in Java more than 13 years ago, so I am quite rusty; if I were to try a write an HC Vault provider myself though, would you say integrating another provider is straight-forward?
>

Yes, I would say it's pretty straight-forward - the current vault
support has been designed to be modular and easily-extendable, so that
a minimal amount of API integration is required with the other vault
mechanisms, provided they have well-defined and well-documented APIs.
That's not to say there won't be any issues or challenges to get it
working, just that the current support was designed with future
expansion into other vaults in mind.

-Nick

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Vault extension: support for HashiCorp Vault

[Martin Feller <m....@auckland.ac.nz>]

Thanks for the quick reply, Nick.

I thought it would be useful to have an option for integration with a vault that can be hosted on-premises, and is - or can be - free of charge.

I’ve done a lot of work in Java more than 13 years ago, so I am quite rusty; if I were to try a write an HC Vault provider myself though, would you say integrating another provider is straight-forward?

Martin

From: Nick Couchman <vn...@apache.org>
Date: Wednesday, 19 April 2023 at 1:32 AM
To: user@guacamole.apache.org <us...@guacamole.apache.org>
Subject: Re: Vault extension: support for HashiCorp Vault
On Tue, Apr 18, 2023 at 7:19 AM Martin Feller <m....@auckland.ac.nz> wrote:
>
> Hi,
>
>
>
> The documentation for retrieving secrets from a vault states “This support is intended with multiple vault providers in mind and currently supports Keeper Secrets Manager (KSM)”
>
> Are there plans to support HashiCorp Vault as an additional provider?
>

At the moment, no, no other vaults have been identified to be added as
providers. That doesn't mean it couldn't be added, but there are no
Jira issues or requests to add other vaults at this point.

-Nick

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Vault extension: support for HashiCorp Vault

[Nick Couchman <vn...@apache.org>]

On Tue, Apr 18, 2023 at 7:19 AM Martin Feller <m....@auckland.ac.nz> wrote:
>
> Hi,
>
>
>
> The documentation for retrieving secrets from a vault states “This support is intended with multiple vault providers in mind and currently supports Keeper Secrets Manager (KSM)”
>
> Are there plans to support HashiCorp Vault as an additional provider?
>

At the moment, no, no other vaults have been identified to be added as
providers. That doesn't mean it couldn't be added, but there are no
Jira issues or requests to add other vaults at this point.

-Nick

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org