It would be cool to be able to save some settings like API keys in a vault for reuse. Maybe on a per environment basis. I would prefer not to have to give out API keys to anyone wanting to create hosts for an environment, but just give them access to rancher and rancher knows the keys, etc. that the environment that they belong to can use.
Could be an integration point with things like Hashicorp Vault or other tools or anything else that you super dudes think up.
Cool, I definitely think integration with existing secret keepers is the way to go. Ultimately we would like to let our capability teams (Devs, BA, QA, etc) folks run wild in there own environment in rancher, without having to give them keys, etc. to do it. I know that means RBAC too.
Yeah, we just released a read-only member permissions on the environment level that should cover a large chunk of use cases but the full RBAC solution will require a lot more work to have granular control over the API access.