This repository has been archived by the owner on Oct 23, 2023. It is now read-only.

Configurable edgex secret store #21

Closed
farshidtz opened this issue Apr 8, 2022 · 1 comment

@farshidtz

PR #20 adds support for the edgex-security option, set to on/off. This is fine in most settings but is not extensible to allow other ways to provide the secret. Moreover, it isn't so intuitive because it sets "edgex-security" to off even though the Redis credentials may be passed via other means to allow secure connections. What it really does is disable the Redis credentials setup. The Redis credential setup involves (1) querying credentials from a vault (local, default port) using the vault token provided by the content interface and (2) injecting credentials into config files.

We can get inspiration from the TOML secret store section in the configuration files of other services, e.g. device-mqtt:

```toml
[SecretStore]
Type = "vault"
Host = "localhost"
Port = 8200
Path = "device-mqtt/"
Protocol = "http"
RootCaCertPath = ""
ServerName = ""
# Uncomment to seed service secrets file
# SecretsFile = "/tmp/edgex/secrets/device-mqtt/secrets.json"
DisableScrubSecretsFile = false
TokenFile = "/tmp/edgex/secrets/device-mqtt/secrets-token.json"
    [SecretStore.Authentication]
    AuthType = "X-Vault-Token"
```
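
The two-step setup described in the issue above (query the Redis credentials from the vault with the service token, then inject them into a config file), sketched as an added example that is not part of the issue or the project's code. The `secret/edgex/<Path>/redisdb` location, the token-file layout, the `$redis_user`/`$redis_pass` placeholders and all function names are assumptions.

```python
import json
import os
import string
import urllib.request

# Mirrors the [SecretStore] section quoted in the issue (AuthType comes from
# its [SecretStore.Authentication] sub-table).
STORE = {"Protocol": "http", "Host": "localhost", "Port": 8200,
         "Path": "device-mqtt/", "AuthType": "X-Vault-Token"}

def read_token(token_json):
    # Assumed token-file layout: {"auth": {"client_token": "..."}}
    token = (json.loads(token_json).get("auth") or {}).get("client_token")
    if not token:
        raise ValueError("token file has no auth.client_token")
    return token

def build_request(store, token, name="redisdb"):
    # Assumption: the secret lives at secret/edgex/<Path>/<name> in the vault.
    base = "{Protocol}://{Host}:{Port}".format(**store)
    url = "%s/v1/secret/edgex/%s/%s" % (base, store["Path"].strip("/"), name)
    return url, {store["AuthType"]: token}

def http_get(url, headers):
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)

def fetch_credentials(store, token, get=http_get):
    # Step 1: query the credentials from the vault using the service token.
    url, headers = build_request(store, token)
    data = get(url, headers).get("data") or {}
    if not data.get("username") or not data.get("password"):
        raise KeyError("vault response lacks username/password")
    return data["username"], data["password"]

def inject(template, username, password):
    # Step 2: fill the (hypothetical) $redis_user / $redis_pass placeholders.
    # json.dumps quotes the values so special characters cannot break the file.
    values = {"redis_user": json.dumps(username), "redis_pass": json.dumps(password)}
    return string.Template(template).substitute(values)

def write_private(path, text):
    # The credentials end up on disk, so keep the file owner-only (0600).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tightens a pre-existing file
        fh.write(text)
```
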

@farshidtz

No longer relevant. EdgeX secret store usage is now disabled with config.edgex-security-secret-store=false.
