When Vault becomes inaccessible to SK, we should consider ways to surface the problem and, if necessary, force an automatic restart of SK. There are a number of things to consider:
Even without Vault, SK can service the authorization requests.
We have to distinguish between transient failures and ones that will not heal with time.
On startup in production environments, SK already exits if it cannot access Vault. Mirroring this behavior anytime Vault becomes inaccessible is one possible mode of operation, but a better option might be for SK to stay up and issue operator alerts (e.g., email to support) until its token expires.
If SK's token expires, it will have to reacquire its role_id and short-lived secret_id to get a token. It can do this either by restarting or by executing this bootstrapping function while running. Implementing the latter approach in a secure way is not trivial.
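An added sketch of the "stay up and alert until the token expires" policy discussed above; it is not code from SK. The probe encoding (an HTTP status from an authenticated Vault call, or `None` for a network failure), the `alert_after` threshold and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    OK = "ok"            # Vault reachable, nothing to do
    WAIT = "wait"        # possibly transient: keep serving, no alert yet
    ALERT = "alert"      # stay up, notify operators
    RESTART = "restart"  # token unusable: re-run the role_id/secret_id bootstrap


# Assumption: None = timeout or connection refused; the statuses are ones
# that often clear without intervention (standby node, 5xx during failover).
TRANSIENT = {None, 429, 500, 502, 503, 504}
TOKEN_REJECTED = 403  # Vault answers 403 when the presented token is invalid


@dataclass
class VaultWatch:
    token_expires_at: float  # epoch seconds, derived from the login TTL
    alert_after: int = 3     # hypothetical: consecutive failures before alerting
    failures: int = 0

    def observe(self, status, now):
        """Classify one probe result seen at time `now`."""
        # An expired or rejected token will not heal with time.
        if now >= self.token_expires_at or status == TOKEN_REJECTED:
            return Action.RESTART
        if status is not None and 200 <= status < 300:
            self.failures = 0
            return Action.OK
        self.failures += 1
        # Short runs of transient-looking errors are tolerated silently;
        # anything unexpected, or a long outage, goes to the operators.
        if status in TRANSIENT and self.failures < self.alert_after:
            return Action.WAIT
        return Action.ALERT


def replay(probes, token_expires_at):
    """Run (time, status) probe results through a fresh watcher."""
    watch = VaultWatch(token_expires_at)
    return [watch.observe(status, t) for t, status in probes]


# Constructed sample: a short outage, a recovery, then token expiry at t=1000.
SAMPLE = [(0, 200), (10, None), (20, 503), (30, None), (40, 200), (1000, 200)]
```

Authorization requests keep being served in every state except `RESTART`, which matches the observation that SK can answer them without Vault.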