Support isolated unit backend?
Bug #1809353 reported by
Tim Van Steenburgh
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Vault KV Charm Layer |
New
|
Undecided
|
Unassigned | ||
Bug Description
Opened by johnsca on 2018-11-19 20:20:58+00:00 at https:/
-------
Currently, the Vault charm and interface:vault-kv only support requesting a single secrets backend and approle which can either be isolated or not. This means that the unit KV data (and by extension, VaultLocker data), while namespaced to the unit, is not actually isolated from being read by the other units. This is not a huge issue, since they're units of the same application, but ideally we would use separate backends so that the isolation could be enforced by Vault.
To post a comment you must log in.
