The time (in milliseconds) after which the value of the key
stored in the cache becomes invalid and an attempt to read this
data causes a new request to be sent to the vault server. By default,
cache entries become invalid after 60,000 milliseconds (after
one minute).
If the value of this parameter is zero, then the keys will always
be considered invalid, but they still can be used if the vault
server is unavailable and the corresponding cache operating mode
(--[loose-]hashicorp-key-management-use-cache-on-timeout="on")
is enabled.
The time (in milliseconds) after which the information about the
latest version number of the key (which is stored in the cache)
becomes invalid and an attempt to read this information causes
a new request to be sent to the vault server.
If the value of this parameter is zero, then information about
the latest key version numbers is always considered invalid, unless
there is no communication with the vault server and use of the
cache is allowed when the server is unavailable.
By default, this parameter is zero, that is, the latest version
numbers for the keys stored in the cache are considered always
invalid, except when the vault server is unavailable and use
of the cache is allowed on server failures.
hashicorp-key-management & spider descriptions for RPMs
12a4e9f...
by
Julius Goryavsky <email address hidden>
MENT-1083: hashicorp plugin blocks server start
The plugin configuration file for hashicorp vault plugin
must be manually modified by the user in order to enter
the necessary parameters, such as the url to access the
vault server and the secret token. If these parameters
are not set properly, an attempt to connect to the server
is completed by timeout, which leads to startup blocking.
This commit contains a modified configuration file that
prevents the plugin from loading until it is configured.
The user must manually configure all the necessary parameters
and explicitly uncomment the plugin loading by uncommenting
the corresponding line in the configuration file. Also
this fix is to change the maturity level to avoid an error
when loading the plugin (due to the fact that the maturity
level was now set to beta).
f0cafea...
by
Julius Goryavsky <email address hidden>
MENT-863: hashicorp plugin misses a .cnf file with helpful comments
Added a file describing the plugin options. In addition,
removed an extra code fragment that does not affect the
functioning of the plugin. No new tests are required.
37d874e...
by
Julius Goryavsky <email address hidden>
MENT-471: Plugin implementation for the Hashicorp Vault KMS
- Authentication is done using the Hashicorp Vault's token
authentication method;
- If additional client authentication is required, then the
path to the CA authentication bundle file may be passed
as a plugin parameter;
- The creation of the keys and their management is carried
out using the Hashicorp Vault KMS and their tools;
- Key values are stored as hexadecimal strings;
- Key values caching is supported;
- The plugin uses libcurl (https) as an interface to
the HashiCorp Vault server;
- JSON parsing is performed through the JSON service
(through the include/mysql/service_json.h);
- HashiCorp Vault 1.2.4 was used for development and testing.