hcvault: update API, add tests, tidy #1085

Merged
merged 1 commit into from
Jul 12, 2022

@hiddeco hiddeco commented Jul 5, 2022

This PR updates the Vault API and client to latest, adds more extensive
test coverage, and general tidying of bits of code.
The improvements are based on a fork of the key source in the Flux
project's kustomize-controller, built due to SOPS' limitation around
credential management without relying on runtime environment variables.

- Vault API and client have been updated to latest.
- It introduces a `Token` type which holds a Vault token, and can be
  applied to the `MasterKey`. When applied, the token is used in the
  Vault client configuration, instead of relying on the `VAULT_TOKEN`
  environment variable, or the `.vault-token` file in the user's home
  directory. This is most useful when working with SOPS as an SDK, in
  combination with e.g. a local key service server implementation.
- Extensive test coverage.

The forked version of this has compatibility tests to ensure it works
with current SOPS:

- https://github.com/fluxcd/kustomize-controller/blob/62fb2d96a297c7e344050f46ee54074ef66dd438/internal/sops/hcvault/keysource_test.go#L130
- https://github.com/fluxcd/kustomize-controller/blob/62fb2d96a297c7e344050f46ee54074ef66dd438/internal/sops/hcvault/keysource_test.go#L202

Signed-off-by: Hidde Beydals <[email protected]>
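
The credential selection described above, as an added example that is not part of the original PR or of the SOPS code base: a per-key token takes precedence over the process-wide `VAULT_TOKEN` variable and the `.vault-token` file, so two keys in one process can use different credentials. The names `token`, `masterKey`, `applyTo` and `resolveToken`, the sample addresses and tokens, and the env-before-file fallback order are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// token and masterKey are hypothetical stand-ins that model the design in the
// PR description; they are not the types from the SOPS hcvault package.
type token string

type masterKey struct {
	vaultAddress string
	token        string // set only when a token was applied explicitly
}

// applyTo stores the token on one key, leaving every other key untouched.
func (t token) applyTo(k *masterKey) { k.token = string(t) }

// resolveToken returns the credential a client for k would use and where it
// came from: applied token first, then VAULT_TOKEN, then <home>/.vault-token.
func resolveToken(k masterKey, getenv func(string) string, home string) (string, string) {
	if k.token != "" {
		return k.token, "applied"
	}
	if v := getenv("VAULT_TOKEN"); v != "" {
		return v, "env"
	}
	if b, err := os.ReadFile(filepath.Join(home, ".vault-token")); err == nil {
		if v := strings.TrimSpace(string(b)); v != "" {
			return v, "file"
		}
	}
	return "", "none"
}

func main() {
	// Constructed values: one process-wide variable, two keys for two tenants.
	vars := map[string]string{"VAULT_TOKEN": "ambient-token"}
	env := func(name string) string { return vars[name] }
	a := masterKey{vaultAddress: "https://vault-a.example"}
	b := masterKey{vaultAddress: "https://vault-b.example"}
	token("tenant-a-token").applyTo(&a)
	for _, k := range []masterKey{a, b} {
		_, src := resolveToken(k, env, os.TempDir()) // report the source, never the secret
		fmt.Printf("%s uses token from: %s\n", k.vaultAddress, src)
	}
}
```

The second key still falls back to the ambient credential, which is the case to look for when a service is expected to keep tenants' Vault tokens separate.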
@hiddeco hiddeco mentioned this pull request Jul 6, 2022
ajvb commented Jul 12, 2022

🎉

@ajvb ajvb merged commit 09378ff into getsops:develop Jul 12, 2022
@hiddeco hiddeco deleted the hcvault-keysource-imprv branch July 13, 2022 15:31
@hiddeco hiddeco added this to the v3.8.0 milestone Jul 3, 2023