Is your feature request related to a problem? Please describe.
Atlas is the cloud-based enterprise DaaS solution. If you have an enterprise subscription, you are most likely using the Atlas product. The problem is, all DB users are managed via the web GUI or via the HTTP API. Thus, any user created by the MongoDB driver will be immediately erased by Atlas, invalidating the usefulness of the mongodb driver for anything but a community edition of the database. This is insufficient for any organization that intends to seriously leverage Vault and MongoDB together.
Describe the solution you'd like
Please create a MongoDB Atlas Database Secrets plugin. The plugin would interact not with the database directly, but rather with the HTTP API.
Describe alternatives you've considered
I suspect other coming DaaS solutions may benefit from a generic HTTP API Secrets Engine. This would also fit our needs potentially.
Explain any additional use-cases
Any use case related to Enterprise MongoDB falls within the purview of this request.
Additional context
A Go library for interacting with Atlas does already exist, so this might be pretty simple to implement at least as a Custom Database Secrets Engine.
https://github.com/akshaykarle/go-mongodbatlas
We are also in critical need of this as a native secret plugin. Thank you!
I got a tentative yes-ish from Nicolas on mIRC who works at HashiCorp.
But that was a while ago.
Really need this dynamic secret functionality!!
I agree this would be good to see
A third-party plugin is available: https://github.com/mealal/vault-atlas-plugin. We've tested it in our environments and it works.
@gordonbondon I'm having trouble building the plugin. Did you have any issue resembling this?
# github.com/mealal/vault-atlas-plugin/vendor/github.com/hashicorp/vault/sdk/helper/certutil
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:337:7: unknown field 'URIs' in struct literal of type x509.Certificate
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:394:94: in.URIs undefined (type *x509.Certificate has no field or method URIs)
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:517:7: unknown field 'URIs' in struct literal of type x509.Certificate
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:632:7: unknown field 'URIs' in struct literal of type x509.CertificateRequest
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:737:15: certTemplate.URIs undefined (type *x509.Certificate has no field or method URIs)
So I tried upgrading Go on my AMZLinux2 box.
I had 1.9.4, now I have 1.11.9.
Now the error message is:
./atlas.go:51:56: cannot use db (type *Atlas) as type dbplugin.Database in argument to dbplugin.NewDatabaseErrorSanitizerMiddleware:
*Atlas does not implement dbplugin.Database (missing SetCredentials method)
I'll continue here
https://github.com/mealal/vault-atlas-plugin/issues/3
I never saw that this was implemented, but thank you guys for all your work!
@jnmik
Thanks @ahartma1, it will serve me well to install the plugin. Seems pretty straightforward.
I just need to manage to build it first -_-
lol
There's now an official plugin: https://github.com/mongodb/vault-plugin-secrets-mongodbatlas
Hope this gets added to core plugins :)