Vault integration
First goal
Store credential in a dedicated micro-service.
An open source project is targeted to store in a safe mode all credentials to services named Vault
Technical description
Each credential will be stored in Key/Value mode.
The Key will identify the access, and the Value will contains all necessary informations to configure the access.
The json requires to store typed data. For that a definition model will support:
FTP Model
Key | Type | Optional | Default |
---|---|---|---|
type |
string |
false |
ftp |
hostname |
string |
false |
|
hostname |
integer |
true |
21 |
secure |
boolean |
true |
false |
username |
string |
true |
null |
password |
string |
true |
null |
Example of a configuration:
{
"type": "ftp",
"hostname": "ftp.media-cloud.ai",
"username": "username",
"password": "password"
}
S3 Model
Key | Type | Optional | Default |
---|---|---|---|
type |
string |
false |
s3 |
hostname |
string |
true |
null |
access_key_id |
string |
false |
null |
secret_access_key |
string |
false |
null |
region |
string |
true |
us-east-1 |
Example of a configuration:
{
"type": "s3",
"access_key_id": "ACCESS_KEY",
"secret_access_key": "SECRET"
}
HTTP Model
Key | Type | Optional | Default |
---|---|---|---|
type |
string |
false |
http |
endpoint |
string |
false |
null |
method |
enum (GET, PUT, POST, HEAD, OPTIONS) |
true |
GET |
headers |
string as a json map of string/string |
true |
{} |
body |
string |
true |
` ` |
Example of a configuration:
{
"type": "http",
"access_key_id": "http://example.com/api",
"method": "POST",
"headers": "{\"Content-Type\": \"application/json\"}",
"body": "{}"
}
Generic Model
Key | Type | Optional | Default |
---|---|---|---|
type |
string |
false |
generic |
Any couple of Key/Value can be added.
Value is a nullable string.
Example of a configuration:
{
"type": "generic",
"custom_key": "Custom Value"
}
Changes
An API into Step Flow will be exposed to manage stored credentials in Vault service, it will be based on the library libvault.
On MCAI Worker SDK the support of this features requires:
- Access to Vault with
rs_amqp_worker
- switch from backend API to Vault API
- support proposed credential models
- Update
c_amqp_worker
- Update
py_amqp_worker