Uploaded image for project: 'Ansible Automation Platform RFEs'
  1. Ansible Automation Platform RFEs
  2. AAPRFE-1645

Ability to use AAP OIDC for authentication by 3rd party (e.g. Hashi Vault)

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • 2.5
    • controller
    • False
    • Hide

      None

      Show
      None
    • False

      1. What is the nature and description of the request? 

      Remove the need for AAP to use service accounts when authenticating against 3rd party applications such as Hashi Vault for secret retrieval. CBA is looking at the same approach for other 3rd party integrations such as SNOW.

      1. Why does the customer need this? (List the business requirements here)
      2. No need to maintain service accounts and their lifecycle activities such as password rotation
      3. Align to more modern methods of using identity federation using OAUTH and OIDC
      4. How would you like to achieve this? (List the functional requirements here)

      Please refer to the attached document for a sample sequence diagram

      1. List any affected known dependencies: Doc, UI etc..

      Product / engineering teams to determine

      1. Github Link if any

      Refer to the attached document for how GitHub solves this. 

        1. AAP OIDC for Hashicorp Secret retrieval.gdoc
          0.2 kB

              bcoursen@redhat.com Brian Coursen
              sharihar@redhat.com Sivaram Hariharan
              Votes:
              5 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: