Hi, community,

I wanted to talk to you about tweaking the way the jwt-auth plugin
integrates with Vault.

WHAT

Currently, the jwt-auth plugin can be integrated with HashiCorp Vault
to save the secret value in the Vault. Specific usage reference:
https://github.com/apache/apisix/blob/master/docs/en/latest/plugins/jwt-auth.md#usage-with-hashicorp-vault

After version 3.1.0, APISIX can connect to Vault through the Secret
resource, which is applicable to all identity authentication plug-ins
in APISIX and has better versatility. For the original design, refer
to: https://github.com/apache/apisix/issues/8319

Therefore, we plan to remove the Vault configuration of the jwt-auth
plugin itself, and use the APISIX Secret resource to provide the
jwt-auth plugin with the ability to integrate with Vault.

WHY

1. Merge code with the same function to make the code of APISIX more concise
2. The jwt-auth plugin can more conveniently connect to more Secret
Managers (such as: Vault, etc.)
3. The private_key of jwt-auth plugin can also be saved in Vault

HOW

1. Delete the vault configuration of the jwt-auth plugin
2. Delete apisix/core/vault.lua

After doing this, if we need to save the secret configuration in
Vault, we can do this:

First, create the corresponding secret in the vault. You can use the
following command:

vault kv put apisix/jack jwt-key=value

Next, you can configure APISIX through the following steps:

Step 1: Add Secret resources through the Admin API, and configure the
connection information such as the address of the vault:

curl http://127.0.0.1:9180/apisix/admin/secrets/vault/1 \
-H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
     "uri": "https://127.0.0.1:8200",
     "prefix": "apisix",
     "token": "root"
}'

Step 2: Refer to the Secret resource in the jwt-auth plugin and fill
in the secret information

curl http://127.0.0.1:9180/apisix/admin/consumers \
-H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
     "username": "jack",
     "plugins": {
         "jwt-auth": {
             "key": "user-key",
             "secret": "$secret://vault/1/jack/jwt-key"
         }
     }
}'

-- 
*Shirui Zhao*
My GitHub: https://github.com/soulbird
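
The following is an added example, not part of the original message and not APISIX code: it splits a reference like the one in step 2 and prints the Vault CLI command that reads the same value back, so the secret can be checked before the consumer is created. The function names are hypothetical, and the four-segment layout (manager/id/name/key) and the restricted character set are assumptions taken from the message's example reference.

```shell
#!/bin/sh
# Added example (not APISIX code): map a reference such as
#   $secret://vault/1/jack/jwt-key
# onto the Vault path and field it points at.
# Assumption: exactly four segments, <manager>/<id>/<name>/<key>, as in the
# message's example. Function names are hypothetical.

# Sets the variables manager, id, name, key; returns 1 on a malformed reference.
parse_secret_ref() {
    ref=$1
    case $ref in
        '$secret://'*) rest=${ref#'$secret://'} ;;
        *) echo "not a secret reference: $ref" >&2; return 1 ;;
    esac
    case $rest in
        */) echo "trailing slash in: $ref" >&2; return 1 ;;
    esac
    # Split on "/"; anything past the fourth segment lands in $extra.
    IFS=/ read -r manager id name key extra <<EOF
$rest
EOF
    for seg in "$manager" "$id" "$name" "$key"; do
        case $seg in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad segment in: $ref" >&2; return 1 ;;
        esac
    done
    [ -z "$extra" ] || { echo "too many segments in: $ref" >&2; return 1; }
}

# Prints the read-back command for a reference, given the "prefix" of the
# Secret resource (step 1 of the message uses "apisix").
vault_check_cmd() {
    parse_secret_ref "$1" || return 1
    printf 'vault kv get -field=%s %s/%s\n' "$key" "$2" "$name"
}

# Constructed sample input: the reference and prefix from the message.
vault_check_cmd '$secret://vault/1/jack/jwt-key' apisix
```

The printed path `apisix/jack` matches the `vault kv put apisix/jack jwt-key=value` command in the message.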
