[Feature]: Implement HashiCorp Vault Backend for Sensitive Values #23

@ritwik-g

Problem Statement

After implementing the GCS backend for sensitive values, we need to expand support to other popular secret management systems. HashiCorp Vault is a widely used open-source solution for secrets management.

Proposed Solution

Implement a HashiCorp Vault backend for sensitive values:

  1. Create a Vault backend implementation:

    • Implement VaultValueBackend class that extends the ValueBackend interface
    • Add authentication and configuration for HashiCorp Vault
    • Implement secure storage and retrieval of sensitive values
  2. Update the configuration schema:

    • Add Vault-specific configuration options to the backend_config schema
    • Document the required Vault permissions and setup
  3. Add CLI commands for Vault backend configuration:

    • Add options to configure Vault address, authentication method, and paths
    • Support various Vault authentication methods (token, AppRole, Kubernetes, etc.)
  4. Update documentation:

    • Add user guide for configuring and using HashiCorp Vault
    • Add examples and best practices

Implementation Details

The implementation will:

  1. Store sensitive values in HashiCorp Vault with appropriate encryption
  2. Use a reference-based approach where only references are stored in the config file
  3. Support automatic retrieval of sensitive values when needed
  4. Include proper error handling for Vault-specific errors
  5. Add comprehensive tests for the Vault backend

Dependencies

This feature depends on the implementation of the base sensitive values support with the GCS backend.

Additional Context

This is part of a series of backend implementations for sensitive values, including:

  • GCS
  • AWS Secrets Manager
  • Azure Key Vault
  • HashiCorp Vault
  • Git Secret

Each backend will be implemented as a separate task to maintain focus and allow for incremental releases.

Labels

  • enhancement

Requirements

  • This feature aligns with the project's scope and goals
  • I've checked that this feature doesn't already exist
  • I've searched for existing feature requests
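
The reference-based approach and backend error handling listed under Implementation Details can be sketched as follows. This is an added example, not part of the issue and not the project's code: the `vault://` reference format, the `set_value`/`get_value` method names, `FakeVaultBackend`, `SecretNotFound` and `resolve` are all assumptions, and an in-memory dictionary stands in for a Vault KV mount so the sketch runs offline.

```python
from abc import ABC, abstractmethod

SCHEME = "vault://"  # assumed reference prefix; the issue does not define one


class SecretNotFound(KeyError):
    """The reference points at a path the backend does not hold."""


class ValueBackend(ABC):  # hypothetical shape; the issue only names the interface
    @abstractmethod
    def set_value(self, path: str, value: str) -> str: ...

    @abstractmethod
    def get_value(self, reference: str) -> str: ...


class FakeVaultBackend(ValueBackend):
    """In-memory stand-in for a Vault KV mount so the example runs offline."""

    def __init__(self, mount: str = "secret"):
        self._mount = mount
        self._store = {}

    def set_value(self, path: str, value: str) -> str:
        self._store[path] = value
        return f"{SCHEME}{self._mount}/{path}"  # only this string reaches the config

    def get_value(self, reference: str) -> str:
        prefix = f"{SCHEME}{self._mount}/"
        if not reference.startswith(prefix):
            raise ValueError(f"not a reference into mount {self._mount!r}")
        path = reference[len(prefix):]
        if path not in self._store:
            raise SecretNotFound(path)  # report the path, never a value
        return self._store[path]


def resolve(config: dict, backend: ValueBackend) -> dict:
    """Return a copy of config with every reference replaced by its secret."""
    return {key: backend.get_value(val) if isinstance(val, str) and val.startswith(SCHEME) else val
            for key, val in config.items()}


def demo():
    backend = FakeVaultBackend()
    ref = backend.set_value("app/prod/db_password", "constructed-sample-secret")
    config = {"db.host": "db.internal", "db.password": ref}  # constructed sample config
    return config, resolve(config, backend)
```

The resolved dictionary is meant to live only in memory at the point of use; the config that is written to disk keeps the reference.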
