Hello Team,

We have a requirement to retrieve data from Vault using the HashiCorp Vault plugin in XL-Deploy. While we can successfully connect to Vault and retrieve data, the tokens in Vault need to be renewed every 30 days, and cannot be set to no expiration. This constant renewal is problematic.

To address this, we’re exploring whether XL-Deploy can utilize a JWT token to authenticate with third-party tools like Vault. This would eliminate the need for users to create or renew tokens every time in XL-Deploy. We have similar functionality in GitLab.

Here’s a reference to the GitLab documentation: CI_JOB_JWT, https://docs.gitlab.com/ee/ci/variables/predefined_variables.html

Can we investigate implementing something similar in XL-Deploy?

Best regards,
Keerthi

Comments

  • We will assess the necessary changes and the effort required in November 2024, and will provide updates in this thread.

  • During our investigation, we realized that we need to gather additional detailed information. Could you please provide the following:

    1) What is the current authentication method used in your Vault framework - token or AppRole?
    2) What is the refresh mechanism for renewing your token and secret ID?
    3) Can you provide more details on how the JWT/OIDC authentication method would be beneficial?