This repository has been archived by the owner on Jan 9, 2023. It is now read-only.

Dynamic vault policies per instance #34

Open
simonswine opened this issue Nov 15, 2017 · 0 comments

@simonswine
Contributor

Is this a BUG REPORT or FEATURE REQUEST?:

Uncomment only one, leave it on its own line:

/kind bug
/kind feature

What happened:

Currently every instance of a role has exactly the same permissions in Vault. That means every node can request any node name / IP address.

What you expected to happen:

Instances should only get their real IP addresses/node names certified.

I think we need a vault-controller that is watching AWS for instance creation, and then we can have custom policies per instance. The instance auth should be done using the now-existing EC2 auth.

Dynamic policy in Vault is sadly enterprise only 💵💵💵💵

@jetstack-bot jetstack-bot added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 15, 2017
@simonswine simonswine added area/security and removed kind/feature Categorizes issue or PR as related to a new feature. labels Nov 15, 2017
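
A sketch of what a controller like the one proposed above could compute for each instance, added here as an example and not code from this repository: a Vault policy limited to that instance's own PKI role, a role body pinned to its node name, and a check that a request names only the instance's own identity. The mount path `pki`, the `node-<instance-id>` role naming, the helper names and the instance records are assumptions made for illustration.

```python
import ipaddress

PKI_MOUNT = "pki"  # assumed mount path, not taken from the issue

# Constructed sample records, shaped like what a controller watching AWS might hold.
INSTANCES = {
    "i-0aaa": {"node_name": "ip-10-0-1-10.example.internal", "private_ip": "10.0.1.10"},
    "i-0bbb": {"node_name": "ip-10-0-1-11.example.internal", "private_ip": "10.0.1.11"},
}


def role_name(instance_id: str) -> str:
    """Hypothetical naming scheme: one PKI role per EC2 instance."""
    return f"node-{instance_id}"


def render_policy(instance_id: str) -> str:
    """Vault policy (HCL) that lets one instance use only its own PKI role."""
    path = f"{PKI_MOUNT}/issue/{role_name(instance_id)}"
    return f'path "{path}" {{\n  capabilities = ["create", "update"]\n}}\n'


def pki_role_params(node_name: str) -> dict:
    """PKI role body that allows exactly one DNS name and nothing broader."""
    return {
        "allowed_domains": node_name,
        "allow_bare_domains": True,   # the node name itself may be issued
        "allow_subdomains": False,    # no names underneath it
        "allow_any_name": False,
    }


def request_in_scope(instance: dict, dns_names: list, ip_sans: list) -> bool:
    """True only if every requested SAN belongs to this instance."""
    if not dns_names and not ip_sans:
        return False  # nothing requested: nothing to certify
    own_ip = ipaddress.ip_address(instance["private_ip"])
    try:
        ips_ok = all(ipaddress.ip_address(ip) == own_ip for ip in ip_sans)
    except ValueError:
        return False  # malformed IP SAN is rejected, not ignored
    own_name = instance["node_name"].lower()
    names_ok = all(n.lower().rstrip(".") == own_name for n in dns_names)
    return ips_ok and names_ok


if __name__ == "__main__":
    for iid, inst in INSTANCES.items():
        print(render_policy(iid), pki_role_params(inst["node_name"]))
```
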