Vault: Example Secrets Engine Plugin

Created on 4 Jun 2019 · 9 Comments · Source: hashicorp/vault

Is your feature request related to a problem? Please describe.
I found documentation on developing custom secrets engine plugins lacking, which made it difficult to develop my own. Furthermore, there is not an example secrets plugin like there is for auth. "There is currently no empty sample secrets plugin".

Describe the solution you'd like
I would like to add further documentation, as well as a potential link to the example secrets plugin I have written.

Describe alternatives you've considered
I would also be happy to assist in the development of a vault-secrets-plugin-example repository within the HashiCorp org on GitHub (similar to vault-auth-plugin-example).

Explain any additional use-cases
There are still numerous types of custom secrets engines that would increase the functionality of Vault, but I believe the current documentation may be limiting the growth of community developed plugins.

Additional context
I would be happy to take on the work involved in satisfying the requests of this issue! Please let me know if this is something the Vault team has an appetite for.

guide

All 9 comments

Hi Dan (@hasheddan), I would love your collaboration.

Let's work on this in the vault-guides repo where we can create a folder secrets.

Depends on the content:

  1. Extend the existing Building Plugin Backends guide (or cross-reference)
  2. Create a new guide under learn.hashicorp.com

Thanks @yhyakuna ! I think there may be a number of places that documentation needs to be updated. I have listed them below, as well as action items for the vault-guides repo:

  • It sounds like there is interest in moving my example plugin into the vault-guides repo with related documentation. I propose placing it in vault-guides/secrets/mock. I would be happy to also create an auth example in the future
  • The Plugin Development section of the internals documentation is out of date with import paths. It could also contain further information around adding your custom plugin to the plugin-directory and enabling it. Some of this may be easier to correct by just referencing the Building Plugin Backends tutorial as you mentioned. However, the import paths certainly should be updated.
  • The Building Plugin Backends tutorial is also out of date as there is no longer a mock plugin at the following link: github.com/hashicorp/vault/logical/plugin/mock/mock-plugin. I propose replacing it instead with the new vault-guides/secret/mock that will be present after the first action item is completed.

It appears that each of these would merit a separate pull request because they involve changes in 3 separate repos (for the last item I am not sure about how updates are made, appears to be internal). Let me know if you are okay with the plan above, or if you have any thoughts or concerns. Thanks!

I can take care of the Building Plugin Backends tutorial. Yes, it hasn't been updated for a very long time. :(

Yes, it would be great if you can add your example under vault-guides/secrets/mock so that our tutorials can leverage it, and whoever else wants to try and learn.

Truly appreciate your contribution!!!

Following up with reference to PR in vault-guides/secrets/mock

A vault-secrets-plugin-example repository would be great to have too. If you think you'll have the time to code it up, we could init a repo for you.

@mjarmy absolutely! If you init the repo I will refactor what I have built at hasheddan/vault-plugin-secrets-covert and add it.

When following the instructions at https://learn.hashicorp.com/vault/developer/plugin-backends#compile-plugin, the binary doesn't actually run because it's not a main package.

The error you'll get is:

./my-mock-plugin 
./my-mock-plugin: line 1: syntax error near unexpected token `newline'
./my-mock-plugin: line 1: `!<arch>'

I think the page needs to be updated to say to use your own plugin, or give a working example.

@tonglil I'll look into this. Thx.

@tonglil The guide has been updated. Special thanks to @hasheddan for his contribution!
