- Story
- Resolution: Done
- Major
- Pipelines 1.16.0
- 1
- False
- None
- False
- SECFLOWOTL-113 - Enable Rotation for Storage URL and Vault Token Secret for Tekton Chains
- 10
- Pipelines Sprint TekShift 5, Pipelines Sprint TekShift 6, Pipelines Sprint TekShift 7, Pipelines Sprint TekShift 8, Pipelines Sprint TekShift 9, Pipelines Sprint TekShift 10, Pipelines Sprint TekShift 11, Pipelines Sprint Pioneers 12, Pipelines Sprint Pioneers 13
- Vault Agent Injector (https://developer.hashicorp.com/vault/docs/platform/k8s/injector) allows injecting a token inside a pod, at a particular path, when the pod carries certain annotations such as `vault.hashicorp.com/agent-inject-token: true`. The Chains controller should be configurable to read the token injected by the agent injector.
  - The Chains controller can read this and
    - set the content of the token path as the VAULT_TOKEN env var, OR
    - copy the contents of the token path to ~/.vault-token
- We need to make sure that the token being read by the sigstore library is up to date at all times.
  - either symlink the file to the location where sigstore expects it
  - or, make sure the upstream sigstore library is configured with a custom path
  - we can implement this without sigstore in the short term (but probably not ideal)
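As an added illustration of the two options above (not Tekton Chains code, and not the sigstore library's own token handling), the following Go example reads a token file that an injector rewrites on rotation and exposes it two ways: on demand, re-reading whenever the file changes on disk, and by copying it atomically into a `~/.vault-token`-style file with owner-only permissions. The default path `/vault/secrets/token`, the `VAULT_TOKEN_PATH` environment variable and all function names are assumptions made for this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"sync"
	"time"
)

// FileTokenSource hands out the current contents of a token file that an
// external agent (here, the Vault Agent Injector) rewrites on rotation.
// It re-reads the file whenever its size or modification time changes, so a
// caller that asks for the token on every request never holds a stale one.
type FileTokenSource struct {
	Path string

	mu      sync.Mutex
	cached  string
	size    int64
	modTime time.Time
}

// defaultInjectedTokenPath is an assumed location for this example; the real
// path is whatever the injector annotations configure.
const defaultInjectedTokenPath = "/vault/secrets/token"

// NewFileTokenSource uses the given path, else the VAULT_TOKEN_PATH environment
// variable (an assumption for this example), else the default above.
func NewFileTokenSource(path string) *FileTokenSource {
	if path == "" {
		path = os.Getenv("VAULT_TOKEN_PATH")
	}
	if path == "" {
		path = defaultInjectedTokenPath
	}
	return &FileTokenSource{Path: path}
}

// Token returns the current token, re-reading the file if it changed on disk.
func (s *FileTokenSource) Token() (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()

	info, err := os.Stat(s.Path)
	if err != nil {
		return "", fmt.Errorf("stat token file: %w", err)
	}
	if s.cached != "" && info.Size() == s.size && info.ModTime().Equal(s.modTime) {
		return s.cached, nil
	}
	data, err := os.ReadFile(s.Path)
	if err != nil {
		return "", fmt.Errorf("read token file: %w", err)
	}
	tok := strings.TrimSpace(string(data))
	if tok == "" {
		// The agent may be mid-rewrite; refuse to hand out an empty token.
		return "", fmt.Errorf("token file %s is empty", s.Path)
	}
	s.cached, s.size, s.modTime = tok, info.Size(), info.ModTime()
	return tok, nil
}

// SyncToVaultTokenFile copies the current token to dst (for example
// ~/.vault-token, the file a Vault client falls back to when VAULT_TOKEN is
// unset). The write goes through a temp file and a rename, so a reader never
// sees a half-written token, and the file is owner-only. It reports whether
// dst was actually updated.
func SyncToVaultTokenFile(src *FileTokenSource, dst string) (bool, error) {
	tok, err := src.Token()
	if err != nil {
		return false, err
	}
	if cur, err := os.ReadFile(dst); err == nil && strings.TrimSpace(string(cur)) == tok {
		return false, nil // already current
	}
	tmp, err := os.CreateTemp(filepath.Dir(dst), ".vault-token-*")
	if err != nil {
		return false, err
	}
	tmpName := tmp.Name()
	defer os.Remove(tmpName) // no-op once the rename has succeeded
	if _, err := tmp.WriteString(tok); err != nil {
		tmp.Close()
		return false, err
	}
	if err := tmp.Chmod(0o600); err != nil {
		tmp.Close()
		return false, err
	}
	if err := tmp.Close(); err != nil {
		return false, err
	}
	return true, os.Rename(tmpName, dst)
}

func main() {
	src := NewFileTokenSource("")
	tok, err := src.Token()
	if err != nil {
		fmt.Println("no token available:", err)
		return
	}
	fmt.Printf("token loaded (%d bytes) from %s\n", len(tok), src.Path)
}
```

Setting `VAULT_TOKEN` once at startup would freeze the value at whatever the injector wrote first; either calling `Token()` per request or running `SyncToVaultTokenFile` on a short interval keeps the value that the consuming library reads in step with rotation. The size-plus-mtime check is a cheap change detector; if a rewrite could produce an identical size within the same timestamp tick, drop the cache and read the file unconditionally.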
- is cloned by: SRVKP-5858 Tekton Operator config update to include KMS token directory, Mongo server URL, Mongo Server dir properties (Closed)
- is documented by: RHDEVDOCS-5985 DOC: Integrate Chains with Hashicorp Vault (Closed)