Support AWS STS for the vault secrets backend for aws
Is your feature request related to a problem? Please describe.
Would like to get STS working with the vault secrets backend for aws under spring vault. Currently, it appears that spring vault only supports IAM User or (/aws/creds/:name) and not other credential types such as STS federation token or Assumed role (/aws/sts/:name). I do not see any configuration options documented for alternate credential types.
Describe the solution you’d like
Ideally, we would have a configuration option such as credential_type that could be set to one among iam_user, assumed_role or federation_token that would then map these to either /aws/creds for iam_user or /aws/sts for the federation token or assumed role.
Describe alternatives you’ve considered
NA
Additional context
NA
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:6 (6 by maintainers)
Top GitHub Comments
Feel free to submit a pull request. I’m not terribly familiar with AWS services so happy to collaborate on getting AWS STS into Spring Cloud Vault.
@mp911de - Confirmed the issue I noticed above with revoke to be unrelated to the permissions. Seems like an out-of-order loading problem upon refresh. I have logged an issue for this one: https://github.com/spring-projects/spring-vault/issues/633