Feat: Added Oracle Cloud Infrastructure(OCI) Vault service as a backend with vaultid #670
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added a new backend for Oracle Cloud Infrastructure Vault service Documentes updated with the instruction for OCI backend Signed-off-by: Deepak Devadathan <[email protected]>
When specifying latest secret version , explicitly setting version was failing. Signed-off-by: Deepak Devadathan <[email protected]>
Added support for Oracle Cloud Infrastructure api key based authentication. Authentication will be tried with api key based method first and if its not available it will fallback to instance principal based authentication Signed-off-by: Deepak Devadathan <[email protected]>
Updated the backend doc for a sample policy statement for instance principal authentication Signed-off-by: Deepak Devadathan <[email protected]>
Added vault and compartment id for OCI based backend. This removes the need to put vault id in the manifest files. Documents updated for this setup Signed-off-by: Deepak Devadathan <[email protected]>
Corrected minor typo error in backend.md for OCI setup Signed-off-by: Deepak Devadathan <[email protected]>
Update the documentation for backend.md with correct ref value pattern for vauld ocid Signed-off-by: Deepak Devadathan <[email protected]>
Updated sample pattern for OCI vault Signed-off-by: Deepak Devadathan <[email protected]>
Signed-off-by: Deepak Devadathan <[email protected]>
updated the go mod file by running go mod tidy -compat=1.21 Signed-off-by: Deepak Devadathan <[email protected]>
Feat: Added Oracle Cloud Infrastructure(OCI) Vault service as a backend with vaultid
Prevent multiple secrets lookup for decrypting individual secrets. This issue was causing very slow response, when oci vault has a large number of secrets. Signed-off-by: Deepak Devadathan <[email protected]>
Fix: To prevent slowness in secrets lookup in oci vault
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Added Oracle Cloud Infrastructure(OCI) Vault service as a backend.
The plugin is configured with vault id and comparment id. So the deployment manifest doesnt have to store the vault ocid.
Checklist
Please make sure that your PR fulfills the following requirements:
go mod tidy -compat=1.21to ensure only the minimum is pulled in.Type of Change
Other information
With this change user will be able to use OCI vault for storing secrets by
AVP_TYPE=ocivault
AVP_OCI_VAULT_ID="ocid1.vault.oc1.aaa"
AVP_OCI_VAULT_COMPARTMENT_ID="ocid1.compartment.oc1..aaa"