Future plans for self-service credential management for Concourse teams? #2731

Closed
aegershman opened this issue Oct 26, 2018 · 2 comments

Comments

@aegershman

What challenge are you facing?

As an operator I don't want teams having to ask me to upload their concourse-referenceable credentials into credhub.

If a team wants credentials for their team to be changed, they have to:

  • Know who to contact && then figure out a way to send their credentials (sometimes email, which makes me physically ill)
  • Often some back and forth about "are you sure this is the right path? is this spelled correctly? is this supposed to be json or a user or what?" etc.
  • Wait for me to get around to it, which involves me formatting everything into a credentials.yml bulk upload
  • "alright it's uploaded can you check?"

Or sometimes we do a private git repo to do credential exchange. Which is still definitely not ideal.

What would make this better?

Some ability for teams to self-service their own credhub credentials to be used within their concourse team. It's not the end of the world if this doesn't get implemented anytime soon. Credhub 2.x just introduced scoped permissions, and even the credhub-cli doesn't support permission management commands yet. So I imagine it'll be a while before a robust self-service workflow emerges.

I'd just like to know if there's some kind of vision or roadmap for how self-service credential management via credhub could work in the future?

Are you interested in implementing this yourself?

God help us all, no. But thank you for asking.

See also:

@jama22
Member

jama22 commented Oct 31, 2018

Regarding credentials management with CredHub, we've only just started to look at making Concourse work with scoped permissions in the 2.x series (as you identified in #2723). I've seen some folks build out entire tooling around Concourse to make cred mgmt more self-service, but that was with Vault. I think it's definitely something we can look at now that we have RBAC in place and (in the future) compatibility with CredHub 2.x.

I think @vito has been looking for feedback as well in https://github.com/concourse/rfcs/issues/5 so make sure you drop a note!

@aegershman
Author

Closing this in favor of the discussion in concourse/rfcs#5
