Community Plugins - Maintainers Wanted!

[cipherboy]

Background

As part of #64 and the 17-part (16 merged) pull request chain, numerous plugins were removed from OpenBao that were previously built into HashiCorp Vault.

We can split off their git histories with git subtree split and form new repositories under the OpenBao organization space as maintainers step forward.

I'd propose moving https://github.com/JanMa/openbao-plugin-secrets-nomad into the OpenBao as well, if @JanMa is willing, and consider it maintained.

Call for Maintainers

This is a call for maintainers of external plugins! If you're interested in maintaining one of the removed plugins, please let us know!

[JanMa]

I would like it if we would "officially" support the most used plugins by forking them in the openbao org. I don't think the Nomad plugin is among them, but thinks like Cloud provider auth plugins certainly are.

In my professional Vault usage I rely on gcp auth, so I would be willing to fork that plugin and maintain it down the road, in addition to the Nomad plugin I already forked.

[tamalsaha]

We (github.com/kubevault) are interested in maintaining the database plugins.

[v0nNemizez]

I can help with The azure auth plugin

[cognifloyd]

I'm interested in this plugin:

• auth-okta

And I might be interested in these in the future:

• database-mongodb
• database-redis
• secrets-terraform (or a secrets-opentofu?)

If I become a maintainer, what would that commitment include? Would I need to figure out the right git subtree split command? Or do you already have a script for splitting a plugin into a new plugin repo?

Also, would I be able to use plugins built for vault? Or would they have to be migrated to use openbao libs? In particular, would I be able to use this plugin with openbao? https://github.com/martinbaillie/vault-plugin-secrets-github

[cipherboy]

\o hello @cognifloyd and others!

I think we've been waiting on the TSC to form to start a formal process for broad maintainer access...

To fork in-tree plugins, yes, we'll need to do a git subtree split command from the before-plugin-removal tag. I've not created a script yet.

You should be able to use plugins built for Vault as we're hoping to keep compatibility in that regard. Upstream's API/SDK should remain compatible with OpenBao, we imagine though cannot guarantee, and certainly upstream may diverge from our plugin compatibility over time. For the time being, we intend to remain compatible as best we can, including using our API/SDK to build plugins with (present) upstream Vault versions. @DrDaveD has had some success in #317 after #321 landed (which should be in the upcoming beta).

HTH!