It would be cool to be able to save some settings like API keys in a vault for reuse. Maybe on a per environment basis. I would prefer not to have to give out API keys to anyone wanting to create hosts for an environment, but just give them access to rancher and rancher knows the keys, etc. that the environment that they belong to can use.
Could be an integration point with things like Hashicorp Vault or other tools or anything else that you super dudes think up.
Secrets management is something we have plans to add to Rancher. Vault is definitely something we are considering to integrate with Rancher.
The issue doesn’t have much in it but at least it shows you that we know this is something we need to add very soon.
Cool, I definitely think integration with existing secret keepers is the way to go. Ultimately we would like to let our capability teams (Devs, BA, QA, etc) folks run wild in there own environment in rancher, without having to give them keys, etc. to do it. I know that means RBAC too.
Thanks
Bryan
Yeah, we just released a read-only member permissions on the environment level that should cover a large chunk of use cases but the full RBAC solution will require a lot more work to have granular control over the API access.
has there been any further progress on this ? We use vault in our systems and would be great to integrate into rancher