Please select the area the issue is related to
Area/Other (Anything else which does not match above categories)
Please select the aspect the issue is related to
Aspect/API (API backends, definitions, contracts, interfaces, OpenAPI)
Suggested Feature
Need to implement a secret management feature for Platform API.
This should cover the following;
- Simple secure vault implementation which encrypts and stores the secrets for on-prem
- Pluggable secret management solution to support multiple vendors like HarshiCorp vault in cloud
The following points will be considered when implementing the solution.
- There will be a Go interface to access secret manager - Get/Add/Update/Remove secret operations
- This interface will support both on-prem and cloud solutions (Support for multiple secret providers)
- Need to track the secret type - File based secrets (certs), String based secrets (api keys, passwords) - This will be useful when doing cert management feature to fetch what are the certs expiring in a given date.
- Need to add a field to track expiry - Will be useful when storing certs, JWTs, etc
- Need to consider organisation and projects (For platform GW, it has a flat hierarchy and store the secrets only with the GW Id) - Add organisation and project fields when defining the DB schema for Platform API
- Secret names are defined by end users. When a secret is given by a user we need to resolve the secret value considering the organisation and project of the user
Related Issues
#837
Please select the area the issue is related to
Area/Other (Anything else which does not match above categories)
Please select the aspect the issue is related to
Aspect/API (API backends, definitions, contracts, interfaces, OpenAPI)
Suggested Feature
Need to implement a secret management feature for Platform API.
This should cover the following;
The following points will be considered when implementing the solution.
Related Issues
#837