Remove need to embed Postgresql credentials in config and provide hooks to integrate with secure keyvault #731

Open
rprakashg-redhat opened this issue Feb 2, 2025 · 0 comments


rprakashg-redhat commented Feb 2, 2025

Currently, when you use the PostgreSQL store for ownership vouchers, the credentials to connect to pg must be embedded with the db URL. In my demo setup, my FDO infrastructure was deployed in AWS, using RDS with the PostgreSQL engine. RDS creates an instance of AWS Secrets Manager and the credentials are stored there. It would have been nice to just be able to inject the ARN of that Secrets Manager into the config and grant permission in AWS IAM to allow the instance running the FDO server to read secrets from Secrets Manager. This also makes rotating credentials easy. Currently, one would need to update the config and restart the server.

It would be great to have hooks into other secure keyvault providers out there in the market that customers might be using.
