Vault Cassandra Database Secrets Engine #1698

Open
sylvainblot opened this issue May 18, 2023 · 2 comments

Comments

@sylvainblot

What version of Cassandra are you using?

DSE 6.8.34

What version of Gocql are you using?

v1.4.0

What version of Go are you using?

1.20.3

What did you do?

I would like to implement Vault Cassandra Database Secrets Engine to use short-lived credentials https://developer.hashicorp.com/vault/docs/secrets/databases/cassandra

As there is no maximum connection age exposed to trigger a new authentication, do you have any recommendations on how to achieve a seamless integration?

Kind regards

@martin-sucha
Contributor

Hi! Currently there is no way to force rotating the connection pool's connections, although it seems like a useful feature to have.

At the moment you could create a whole new Session and switch your code to use it (for example using atomic.Pointer), but it is not seamless: you need support in the code using the Session for doing the switch.

We can first write down some requirements for what would be needed for the seamless integration:

  • We need a way to request from gocql to rotate connections.
  • The old connection to a node would only be closed after the new connection works.
  • The user might need to wait for the rollout to complete and be informed of an error.

Any other requirements?
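
The session-swap workaround from the comment above, sketched as an added example (not code from gocql or from either participant): a holder that dials a new session with the fresh credentials, publishes it through atomic.Pointer, and closes the old session only after the new one has authenticated. `Rotator`, `fakeSession` and `fakeDial` are hypothetical names, and the fake dialer stands in for a real cluster so the block runs offline.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// Rotator (hypothetical name) holds the live session. With gocql, dial would set
// a gocql.PasswordAuthenticator on the ClusterConfig and call CreateSession().
type Rotator[S interface{ Close() }] struct {
	cur  atomic.Pointer[S]
	dial func(user, pass string) (S, error)
}

// Current returns the session for the next query; ok is false before any Rotate.
func (r *Rotator[S]) Current() (s S, ok bool) {
	if p := r.cur.Load(); p != nil {
		return *p, true
	}
	return s, false
}

// Rotate swaps only after dial succeeds; on failure the old session stays live.
func (r *Rotator[S]) Rotate(user, pass string) error {
	next, err := r.dial(user, pass)
	if err != nil {
		return fmt.Errorf("rotate to user %q: %w", user, err) // never log pass
	}
	if old := r.cur.Swap(&next); old != nil {
		(*old).Close() // closed only once the replacement has authenticated
	}
	return nil
}

// fakeSession and fakeDial are constructed stand-ins so this runs offline.
type fakeSession struct{ closed atomic.Bool }

func (f *fakeSession) Close() { f.closed.Store(true) }

func fakeDial(user, pass string) (*fakeSession, error) {
	if pass == "expired" {
		return nil, fmt.Errorf("authentication failed")
	}
	return &fakeSession{}, nil
}

func main() {
	r := &Rotator[*fakeSession]{dial: fakeDial}
	fmt.Println(r.Rotate("v-app-1", "ok"), r.Rotate("v-app-2", "expired"))
}
```

Callers fetch the session with `Current()` for each query instead of caching it, and `Rotate` is meant to be driven from a single renewal goroutine ahead of the credential's expiry. Closing the old session immediately can interrupt queries still in flight on it, so a real rollout may want to delay the `Close` call.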

@sylvainblot
Author

Hi Martin, sounds like a perfect plan!
