Support for HCP Vault Secrets Beta?

[mavaddat]

I was wondering if VaultSharp provides the ability to authenticate with HCP Vault Secrets.

What is HCP Vault Secrets?

HashiCorp Cloud Platform (HCP) Vault Secrets is a secrets lifecycle management solution to centralize your secrets and enable your applications to access them from their workflow. The clients (systems or users) can interact with HCP Vault Secrets using command-line interface (CLI), HCP Portal, or API.

HCP Vault vs. HCP Vault Secrets
HCP Vault provides single-tenant, dedicated Vault Enterprise clusters which can be deployed to different public cloud providers and regions. HCP manages the provisioning, operations, and maintenance of the cluster allowing organizations the flexibility to establish consistent identity based access workflows for secret access and data protection needs.

HCP Vault Secrets is a multi-tenant, SaaS platform providing teams secure and simplified workflows for secret lifecycle management. Easily manage and integrate secrets where they are needed across your applications and infrastructure.

If not, I would like to implement this in the AuthMethods.

[rajanadar]

hi @mavaddat

How does HCP Vault Secrets related to the core Vault APIs?
I don't see a new auth method in the vault apis. https://developer.hashicorp.com/vault/api-docs

Can you please point me to the vault api or vault cli ability?

[mavaddat]

Hi @rajanadar,
Please see the tutorial on authenticating and calling the API.

The official API documentation also provides the query endpoints.

[rajanadar]

thanks @mavaddat .

What I meant to say was, CONCEPTUALLY should i treat HCP Vault Secrets as

1. the same Vault APIs, just hosted in HCP managed cloud instead of partners and everything else being same, and just add appropriate auth methods etc.
2. OR treat it as a different platform altogether and create a new client for it.

1 seems to be okay. Let me think through a bit and update you on next steps.

[rajanadar]

@mavaddat , it makes sense for VaultSharp to be the single client library for all things Vault. Right now, there are 3 flavors of Vault:

1. Vault Community/Enterprise in your data center
2. Vault Dedicated - Enterprise Version on HCP Cloud provided by HashiCorp as a single tenant offering
3. Vault Secrets - A targeted multi-tenant SaaS offering by HashiCorp

1&2 is the same Vault binary, just hosted differently. As such, VaultSharp already caters to it. It doesn't matter, where you host the Vault Api.

For 3, this thread, it is a new set of apis, new server instance, new way to do auth, new request/response models. However, the concept remains the same that, the server system is a type of vault holding secrets, and as a client, you need access to it using a good library.

I could write a totally new client for it, or i could also provide a second set of interfaces on the current one.
I'll start with the current library being extended. Decided.

In the next days, I'll be designing the initial structure of the library.
Meanwhile, can you please let me know the top apis you need first. I am guessing the "all the read app/secret apis" but let me know.

[mavaddat]

Yes, you're exactly right. It would be great if I could retrieve secrets. That is the priority.

[ramioh]

1. Vault Community/Enterprise in your data center
2. Vault Dedicated - Enterprise Version on HCP Cloud provided by HashiCorp as a single tenant offering
3. Vault Secrets - A targeted multi-tenant SaaS offering by HashiCorp

With all the great good HashiCorp did to the world, their documentation has always been a nightmare, with Terraform being the most striking example. Sir, this differentiation you made up there, and your statement about Vault Secrets being completely different from the other offerings in how you can communicate with, is nowhere in HashiCorp's documentation, and I wasted an entire evening trying to figure out how I can use VaultSharp or anything similar to manage secrets on HCP Vault Secrets, until I came across this page. Please add this to your main Readme of VaultSharp.