Feature request: Support custom CA cert in Database secret backend config #3191

Closed
vreon opened this issue Aug 16, 2017 · 5 comments

vreon commented Aug 16, 2017

Feature Request:

When configuring the database secret backend to connect to a MySQL database, you can specify ?tls=true, false, or skip-verify in the connection_url DSN, but there's no mechanism for providing a custom CA certificate (e.g. for a private CA).

go-sql-driver/mysql supports a ?tls=<name> option, but <name> must first be registered with mysql.RegisterTLSConfig. (For example, the MySQL storage backend uses this to implement the tls_ca_file setting.)

References:

Mailing list discussion: https://groups.google.com/d/msg/vault-tool/QEQ-07CLNpo/zORnEe3yCAAJ
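
The trust decision this request is about, as an added example that is not part of the original issue or of Vault's code: a tls.Config whose RootCAs holds only the private CA accepts the database's certificate and rejects one from any other CA or for another host name, where tls=skip-verify would accept all of them. The helper names and host names are hypothetical, and the certificates are constructed in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// tlsConfigFromCA trusts only caPEM; the result is what mysql.RegisterTLSConfig(name, cfg) takes.
func tlsConfigFromCA(caPEM []byte, serverName string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no CA certificate found in PEM input")
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

// verifyServer runs the chain and host name check a TLS client performs with cfg.
func verifyServer(cfg *tls.Config, leaf *x509.Certificate) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}

// newCert issues a constructed in-memory test certificate (hypothetical helper); nil parent = self-signed CA.
func newCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), DNSNames: []string{cn}}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	ca, caKey, caPEM := newCert("ca.internal.example", nil, nil)
	leaf, _, _ := newCert("db.internal.example", ca, caKey)
	cfg, _ := tlsConfigFromCA(caPEM, "db.internal.example")
	fmt.Println("private-CA server accepted:", verifyServer(cfg, leaf) == nil)
}
```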

@jefferai jefferai modified the milestones: next-release, 0.8.2 Aug 16, 2017
@jefferai jefferai modified the milestones: 0.8.2, 0.8.3 Aug 31, 2017
@jefferai jefferai modified the milestones: 0.8.3, 0.8.4 Sep 25, 2017
@jefferai jefferai modified the milestones: 0.9.0, 0.9.1 Nov 8, 2017
@jefferai jefferai modified the milestones: 0.9.1, 0.9.2 Dec 18, 2017
@jefferai jefferai modified the milestones: 0.9.2, 0.9.3 Jan 17, 2018
@jefferai jefferai modified the milestones: 0.9.3, 0.9.4 Jan 28, 2018
@jefferai jefferai modified the milestones: 0.9.4, 0.10 Feb 14, 2018
@jefferai jefferai modified the milestones: 0.10, 0.10.1 Apr 10, 2018
@jefferai jefferai modified the milestones: 0.10.1, 0.10.2 Apr 19, 2018
@jefferai jefferai modified the milestones: 0.10.2, 0.10.3 May 22, 2018
@jefferai jefferai removed this from the 0.10.3 milestone Jun 11, 2018
@martinssipenko
Contributor

It looks to me that this was implemented by #9181?

cc @jefferai @vreon

@Andor
Contributor

Andor commented Aug 11, 2020

@martinssipenko Close enough, but not all MySQL features are supported. For instance, there is no client authorisation with certificates (which also could be signed by Vault CA).

@martinssipenko
Contributor

What do you mean, @Andor? Isn’t tls_certificate_key exactly for specifying a TLS cert for mutual TLS (client auth with certs)?

@vreon
Author

vreon commented Aug 11, 2020

Thanks for the heads up, @martinssipenko! Closing this as fixed.

@vreon vreon closed this as completed Aug 11, 2020
@Andor
Contributor

Andor commented Aug 11, 2020

@martinssipenko Oh, yeah, you are right!
