Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restart on Vault Errors #8

Open
richcar58 opened this issue Feb 29, 2024 · 0 comments
Open

Restart on Vault Errors #8

richcar58 opened this issue Feb 29, 2024 · 0 comments
Assignees
Labels
enhancement New feature or request

Comments

@richcar58
Copy link

When Vault becomes inaccessible to SK, we should consider ways to surface the problem and, if necessary, force an automatic restart of SK. There are a number of things to consider:

  1. Even without Vault, SK can service the authorization requests.
  2. We have to distinguish between transient failures and ones that will not heal with time.
  3. On startup in production environments, SK already exits if it cannot access Vault. Mirroring this behavior anytime Vault becomes inaccessible is one possible mode of operation, but a better option might be for SK to stay up and issue operator alerts (ex: email to support) until its token expires.
  4. If SK's token expires, it will have to either have to reacquire its role_id and short-lived secret_id to get token. It can do this by restarting or by executing this bootstrapping function while run. Implementing the latter approach in a secure way is not trivial.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
Status: To Do
Development

No branches or pull requests

2 participants