Sn0rt commented on issue #8319:
URL: https://github.com/apache/apisix/issues/8319#issuecomment-1722829247
# Define the Data Range That Secret Manager Can Protect
The following configuration is designed to obtain values from the secert
manager, which is called referenceable.
- [ ] Identity authentication plug-in
- [x] Basic-auth 's password
- [x] Key-auth key
- [x] user_dn for Ldap-auth
- [x] appid of Wolf-rbac
- [x] Hmac-auth’s access_key and secret_key
- [x] Jwt-auth secret
- [ ] client_secret of authz-keycloak (need test case
- [ ] client_secret of authz-casdoor (need test case
- [ ] client_secret of openid-connect (need test case
- [ ] The RBAC configuration file information of authz-casbin requires
secondary confirmation.
- [ ] Log plugin
- [ ] auth_header (option) of Http-logger
- [ ] tls_options(option) of Tcp-logger
- [ ] brokers.sasl_config.user, brokers.sasl_config.password, key(option)
of kafka-logger
- [ ] access_key, secret_key of rocketmq-logger
- [ ] user, password of clickhouse-logger
- [ ] error-log-logger of clickhouse.user, clickhouse.password,
kafka.brokers.sasl_config.user, kafka.brokers.sasl_config.password, kafka.key
- [ ] access_key_id, access_key_secret of sls-logger
- [ ] The entire auth_config object of google-cloud-logging
- [ ] loggly customer_token
- [ ] elasticsearch-logger's auth entire object
- [ ] secret_id secret_key of tencent-cloud-cls
- [ ] Sensitive data at startup needs to be protected by secret manager
- [ ] Proposal:
- [ ] config-default.yaml
- [ ] apisix.ssl.key_encrypt_salt is used to encrypt data and does not
write the data key to etcd naked.
- [ ] apisix.data_encryption is used to encrypt data, without writing the
data key to etcd naked.
- [ ] apisix.discovery.nacos.host
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
