keyring_vault

Registered by Robert Golebiowski

keyring_vault will store keys inside a Vault server. On plugin initialization, keyring_vault connects to the server using the credentials stored in a credentials file. On successful initialization, it retrieves the key signatures and stores them in an in-memory hash map. When a key is fetched from the keyring for the first time, keyring_vault goes to the Vault server and retrieves the key's type and data. It then stores the key's data and type in the in-memory hash map so that further retrievals are faster. Key deletion permanently deletes the key from both the in-memory hash map and the Vault server. A variable, keyring_vault_config, will be added; it will need to be set to the configuration file.

There is a hardcoded timeout of 5m. It is not configurable, and there are no automatic retries. This is only a problem when the server IP/DNS name was specified incorrectly or the server cannot be reached for other reasons. If the server does not allow the connection, we get a connection error quickly.

The hardcoded timeout will become configurable once "PS-298 keyring_vault's timeout should be configurable" gets implemented.
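Because the plugin's timeout is fixed and there are no retries, it helps to check the Vault address with a short timeout before starting the server. The following is an added example, not code from the plugin or this blueprint; the `key = value` file layout and the key names (`vault_url`, `secret_mount_point`, `token`, `vault_ca`) are assumptions not stated on this page, and the host name, token and paths are constructed placeholders.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample of a keyring_vault configuration file (assumed key names).
SAMPLE_CONFIG = """\
vault_url = https://vault.example.test:8200
secret_mount_point = secret
token = 00000000-0000-0000-0000-000000000000
vault_ca = /etc/mysql/vault_ca.crt
"""

def parse_config(text):
    """Parse 'key = value' lines into a dict, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        conf[key.strip()] = value.strip()
    return conf

def vault_endpoint(conf):
    """Return (host, port) from vault_url, defaulting the port by scheme."""
    url = urlsplit(conf["vault_url"])
    if url.scheme not in ("http", "https") or not url.hostname:
        raise ValueError(f"bad vault_url: {conf['vault_url']!r}")
    return url.hostname, url.port or (443 if url.scheme == "https" else 80)

def probe(host, port, timeout=3.0):
    """Classify TCP reachability of the Vault address using a short timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "ok"
    except socket.gaierror:
        return "bad-name"      # DNS name does not resolve
    except ConnectionRefusedError:
        return "refused"       # host answers but rejects: the quick-error case
    except OSError:
        return "unreachable"   # no reply or no route: a silent drop is where the fixed timeout bites

if __name__ == "__main__":
    host, port = vault_endpoint(parse_config(SAMPLE_CONFIG))
    print(host, port, probe(host, port))
```

A result other than `ok` points at the address in the configuration file before the plugin is loaded.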

Blueprint information

Status: Complete
Approver: None
Priority: High
Drafter: Robert Golebiowski
Direction: Approved
Assignee: Robert Golebiowski
Definition: Approved
Series goal: Accepted for 5.7
Implementation: Implemented
Milestone target: 5.7.20-18
Started by: Laurynas Biveinis
Completed by: Laurynas Biveinis
