Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhance Daemon Mode to Dynamically Regenerate Secrets After Max TTL Expiry #204

Open
2 tasks done
4FunAndProfit opened this issue Oct 22, 2024 · 1 comment
Open
2 tasks done

Enhance Daemon Mode to Dynamically Regenerate Secrets After Max TTL Expiry #204

4FunAndProfit opened this issue Oct 22, 2024 · 1 comment
Labels
kind/enhancement Categorizes issue or PR as related to an improvement. lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed.

Comments

@4FunAndProfit
Copy link

4FunAndProfit commented Oct 22, 2024
edited
Loading

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I agree to follow the Code of Conduct.

Problem Description

Issue Description:
In the current daemon mode implementation for vault-env, dynamic secrets are revoked once their max_ttl expires, which causes the renewal process to stop. This limitation can lead to disruptions in services relying on dynamic secrets, such as database credentials, after the max_ttl has been reached.
(See bank-vaults/bank-vaults#856)

Proposed Solution

Would it be possible to enhance the daemon mode to handle this scenario by dynamically regenerating the secrets (e.g., creating new tokens or rotating credentials) when the max_ttl is reached? Alternatively, is there another solution or workaround that can keep the secrets up to date without manual intervention after the max_ttl expires?

Thank you for your help!

Alternatives Considered

A lot but don’t find a correct solution for now 😭😂

Additional Information

No response
@4FunAndProfit 4FunAndProfit added the kind/enhancement Categorizes issue or PR as related to an improvement. label Oct 22, 2024
@github-actions GitHub Actions
Copy link

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Dec 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement Categorizes issue or PR as related to an improvement. lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@4FunAndProfit