[jira] [Commented] (CAMEL-11030) Add a vault service to manage secrets

Fri, 17 Mar 2017 04:56:05 -0700 

    [ 
https://issues.apache.org/jira/browse/CAMEL-11030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15929823#comment-15929823
 ] 

Zoran Regvart commented on CAMEL-11030:
---------------------------------------

I would like to see support for injecting secrets into component/endpoint 
configuration, for instance in {{@Metadata}} or a new annotation 
{{@Credentials}}, a simple interface that the Component or Endpoint can 
implement would be {{HoldsCredential}} something like:

{code:java}
public interface HoldsCredential {
    void credentialChanged(Credential c) throws CredentialRejectedException;
}
{code}

Then we could have:
{code:java}
public abstract ComponentWithCredentials extends DefaultComponent implements 
HoldsCredential {
    public void credentialChanged(Credential c) throws 
CredentialRejectedException {
        // sets the property
        credentialsHaveChanged(c); // notifies the component
    }

    protected abstract credentialsHaveChanged(Credential c);
}
{code}

And the analogue for Endpoints.

Credential might look like:

{code:java}
public interface Credential<T> {
    String type();
    String name();
    T value();
}
{code}

We probably would need to think a bit about the kind of credentials we can 
support, I'm thinking:
- username/password
- token (strings)
- certificate/private key


> Add a vault service to manage secrets
> -------------------------------------
>
>                 Key: CAMEL-11030
>                 URL: https://issues.apache.org/jira/browse/CAMEL-11030
>             Project: Camel
>          Issue Type: New Feature
>          Components: camel-core
>            Reporter: Luca Burgazzoli
>             Fix For: Future
>
>
> Lot of components these days are supposed to manage secrets such as auth 
> tokens etc. but as there's no common support in camel each component is 
> implementing the same concept which increase the maintenance cost.
> It would be nice to have a vault service in camel-core so that components can 
> leverage and extend it, some ideas/examples:
> - to store auth tokens and delegate to the vault the notification about 
> expiration and renewal when needed (by registering some functions/callbacks)
> - to provide different backends like kubernetes secrets, hashicorp's vault,
> - to provide different workflow (i.e. JSON Web Token)
> - to use the vault as properties source if someone prefix a property with 
> vault like {{vault:db.password}}
> The interface should be as simple as possible.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to