This repository has been archived by the owner on Jan 9, 2023. It is now read-only.
Is this a BUG REPORT or FEATURE REQUEST?:
What happened:
Currently every instance of a role has exactly the same permissions in vault. That means every node can request any node name / IP address.
What you expected to happen:
Instances should only get their real IP addresses/node names certified.
I think we need a vault-controller that is watching AWS for instance creation, and then we can have custom policies per instance. The instance auth should be done using the now existing ec2 auth.
Dynamic policy in vault is sadly enterprise only 💵💵💵💵
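
A sketch of how a controller could render the per-instance policy proposed above, added here as an example and not part of the original issue or the project's code. The mount path `pki`, the role name `node`, the policy naming scheme and the sample instance values are assumptions; `allowed_parameters` is the Vault ACL policy field that restricts which request parameter values a token may send.

```python
import ipaddress
import re

# RFC 1123 label: lowercase letters, digits and inner hyphens only, so a name
# can never contain quotes, braces or newlines that would break out of the HCL string.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(_LABEL + r"(?:\." + _LABEL + r")*")
_SEGMENT = re.compile(r"[A-Za-z0-9_-]+")
_INSTANCE_ID = re.compile(r"i-[0-9a-f]{8}(?:[0-9a-f]{9})?")


def policy_name(instance_id):
    """Hypothetical naming scheme: one Vault policy per EC2 instance."""
    if not _INSTANCE_ID.fullmatch(instance_id):
        raise ValueError(f"not an EC2 instance id: {instance_id!r}")
    return f"node-{instance_id}"


def render_instance_policy(node_name, private_ip, mount="pki", role="node"):
    """Render HCL that lets one instance sign only its own name and IP."""
    if len(node_name) > 253 or not _HOSTNAME.fullmatch(node_name):
        raise ValueError(f"invalid node name: {node_name!r}")
    ip = str(ipaddress.ip_address(private_ip))  # raises ValueError if malformed
    for segment in (mount, role):
        if not _SEGMENT.fullmatch(segment):
            raise ValueError(f"invalid path segment: {segment!r}")
    # Once allowed_parameters lists any key, every parameter not listed is
    # denied, so alt_names, ttl and similar cannot be used to widen the cert.
    # An empty list ("csr" = []) accepts any value for that parameter.
    return "\n".join([
        f'path "{mount}/sign/{role}" {{',
        '  capabilities = ["create", "update"]',
        '  allowed_parameters = {',
        f'    "common_name" = ["{node_name}"]',
        f'    "ip_sans"     = ["{ip}"]',
        '    "csr"         = []',
        '  }',
        '}',
    ]) + "\n"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    print(policy_name("i-0123456789abcdef0"))
    print(render_instance_policy("ip-10-0-1-23.eu-west-1.compute.internal", "10.0.1.23"))
```

The controller would write the rendered text as a policy named by `policy_name()` and attach it to the identity the instance obtains through ec2 auth.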