Bring your own key storage #360
Comments
So we can keep brainstorming here, I want to just draw out a few secret keys that wasmCloud uses throughout its lifecycle. There are:
Did I miss anything here @autodidaddict? Really looking to outline where our keys are today so we can understand when
I think this is a good enhancement that @c00kiemon5ter suggests. Was just discussing with someone about Mozilla SOPS vs. Hashicorp Vault. There's some comparison out there, but I am using neither atm. Hashicorp Vault is excellent, I've heard. But for me personally - and possibly to consider as a sensible default for wasmCloud too - I'd start with a support (tested integration) for SOPS. Why? Because this represents the keep-it-simple(r) approach (and Git storage is appealing to me), at the lower end of scalability requirements and the more vendor-neutral approach.
For reference: 2023-06-14-community-meeting.md This key storage is like an NFR and shouldn't that mean that there'd be something like a Aside: I really liked this terminology of "encrypted data vault" (from Rebooting the Web of Trust conference 2019), more aligned with Solid project, the notion of "personal data vaults" that you give applications controlled access to.
We do have an implementation of the https://github.com/wasmCloud/capability-providers/tree/main/kv-vault
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this has been closed too eagerly, please feel free to tag a maintainer so we can keep working on the issue. Thank you for contributing to wasmCloud!
Hashicorp received a ton of criticism with its move to BSL and many people vowing to move away from HC. I see that Vault is also under the BSL license. An argument for BYOKS :)
There's likely some Rust-native vaults. Quick search found https://lib.rs/crates/secret-vault
* updated action to allow arm64 linux releases Signed-off-by: Brooks Townsend <brooks@cosmonic.com> * test deb/rpm action Signed-off-by: Brooks Townsend <brooks@cosmonic.com> * pr on main Signed-off-by: Brooks Townsend <brooks@cosmonic.com> * try single quotes Signed-off-by: Brooks Townsend <brooks@cosmonic.com> * one more try Signed-off-by: Brooks Townsend <brooks@cosmonic.com> * fixed use cross build Signed-off-by: Brooks Townsend <brooks@cosmonic.com> * removed comments Signed-off-by: Brooks Townsend <brooks@cosmonic.com> Signed-off-by: Brooks Townsend <brooks@cosmonic.com>
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this has been closed too eagerly, please feel free to tag a maintainer so we can keep working on the issue. Thank you for contributing to wasmCloud!
@brooksmtownsend did we want to keep this around and mark so it doesn't go stale?
FYI a recent development around HashiCorp and their adoption of BUSL license is that after Terraform (to OpenTofu) now the intent is to also fork Vault into OpenBao under an MPL license and as a Linux Foundation project.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this has been closed too eagerly, please feel free to tag a maintainer so we can keep working on the issue. Thank you for contributing to wasmCloud!
Is it stale?
Now that you commented, it's not! The stalebot is a good reminder for us to come back to issues and figure out why we haven't had movement here. I know this is something we're interested in and I think the latest development is that we know we'll likely want to serve secrets to components using something like
Bad stalebot, this wasn't stale
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this has been closed too eagerly, please feel free to tag a maintainer so we can keep working on the issue. Thank you for contributing to wasmCloud!
I watched the latest wasmCloud Community Meeting - 14 Jun 2023.
I really like the idea of being able to use Vault with wasmCloud.
This would be a requirement for the things I work for.
I would certainly be interested in such a direction 👍