Add Keeper Secrets Manager provider #122
Conversation
| PLUGINS_CONFIG = { | ||
| "nautobot_secrets_providers": { | ||
| "keeper": { # https://github.com/Keeper-Security/secrets-manager/tree/master/sdk/python | ||
| "token": os.getenv("KEEPER_TOKEN", None), |
There was a problem hiding this comment.
Given the listed required/optional keys below, should type be added to this example and token removed?
There was a problem hiding this comment.
Type is per secret, Token is more "global"
| token = forms.CharField( | ||
| label="Token", | ||
| widget=forms.PasswordInput, | ||
| help_text="The One Time Token", | ||
| max_length=40, | ||
| min_length=20, | ||
| initial=KEEPER_TOKEN, | ||
| ) |
There was a problem hiding this comment.
I'm hesitant to have this as a user-specified form field since its value would be user-readable and stored in the DB. Isn't the token a sensitive value?
There was a problem hiding this comment.
I agree with you wit traditional token
With Keeper Secrets Manager it's a One Time Token that will generate the config file config.json that will be used afterwards
I'm still unsure of the best way to process this, so I implement both way of providing connection, either with the config in JSON or BASE64 (not implemented yet as seen on #L156 or with the Token that will be valid once only
| ) | ||
| config = forms.JSONField( | ||
| label="Config", | ||
| help_text="The JSON configuration", |
There was a problem hiding this comment.
Any chance of giving an example of the expected structure of this field?
There was a problem hiding this comment.
https://docs.keeper.io/secrets-manager/secrets-manager/developer-sdk-library
{
"hostname": "keepersecurity.com",
"clientId": "ab2x3z/Acz0QFTiilm8UxIlqNLlNa25KMj=TpOqznwa4Si-h9tY7n3zvFwlXXDoVWkIs3xrMjcLGwgu3ilmq7Q==",
"privateKey": "MLSHAgABCDEFGyqGSM49AEGCCqGSM49AwEHBG0wawIWALTARgmcnWx/DH+r7cKh4kokasdasdaDbvHmLABstNbqDwaCWhRANCAARjunta9SJdZE/LVXfVb22lpIfK4YMkJEDaFMOAyoBt0BrQ8aEhvrHN5/Z1BgZ/WpDm9dMR7E5ASIQuYUiAw0t9",
"serverPublicKeyId": "10",
"appKey": "RzhSIyKxbpjNu045TUrKaNREYIns+Hk9Kn8YtT+CtK0=",
"appOwnerPublicKey": "Sq1W1OAnTwi8V/Vs/lhsin2sfSoaRfOwwDDBqoP+EO9bsBMWCzQdl9ClauDiKLXGmlmyx2xmSAdH+hlxvBRs6kU="
}How should I implement it in the code as an helper ?
|
Is this keeper addon working with Nautobot? |
|
Probably not yet, still hadn't time to finish it nor tested |
Okay, thank you for working on this. Let me know when/if this becomes official. I am currently syncing from KSM to Azure Key Vault and its not ideal. Would absolutely love for my team to be able to use Keeper. |
Add Keeper Secrets Manager provider