Joining the Hashicorp Vault integration program & get plugin into HCP Vault & Vault Enterprise #212
Comments
@iniinikoski JFrog is already a technology partner with HashiCorp (https://www.hashicorp.com/partners/tech/jfrog#vault). If I read your message correctly, I think it is the HCP Vault Dedicated support that you wish to see? Whilst we haven't tested the Artifactory Secrets plugin with HCP Vault Dedicated, there's nothing (as far as I know) inherently different for the plugin to work in HCP.
Yes, exactly.
I think HashiCorp has some hard requirements on plugins on HCP (looking at the Venafi as an example) which need to be fulfilled before it can be supported in Vault Dedicated. This is my understanding. It would be great if you could reach out to them on this (as I'm only a customer here for both products :) ).
@iniinikoski From the conversation I have with HashiCorp, they are focusing their energy on HashiCorp Vault Secrets (HVS) so I'll be waiting for them to get HVS ready for partner integration in the future.
Hi @alexhung and thanks for the update! :) I guess it does not make sense to keep this open meanwhile...? Wdyt?
@iiro I'll keep this open and pinned for others to see.
It does work with self-hosted Enterprise, not only Open Source.
Currently the plugin can only be used with the Vault open-source version, though there are more and more customers who are using managed services from HashiCorp (e.g. HCP Vault). Hence, HashiCorp has created the Vault integration program (https://developer.hashicorp.com/vault/docs/partnerships) to improve the secrets engine support through the (slowly) growing partner network. They are also ramping up the new product "Vault Secrets" (https://developer.hashicorp.com/hcp/tutorials/get-started-hcp-vault-secrets/hcp-vault-secrets-introduction) where they plan to bring more and more different secret types / engines as ready-made/built-in support. A good example is MongoDB Inc. with their MongoDB Atlas Secrets Engine which is fully supported in all Vault installations.
It would be great if JFrog could partner (even more?) with HashiCorp on this, as the spread of Artifactory tokens is an issue for every company using Artifactory. Artifactory has been enhanced with better token support lately, but it would be great if developers did not need to interface with Artifactory at all in order to get access to it (as they also get access to everything else through Vault). The situation has of course improved a lot lately with the introduction of the OIDC possibilities between e.g. Artifactory and GitHub, thus mostly removing the requirement for static tokens. But the issue does still persist for e.g. user access or any machine access outside of e.g. GitHub.
Unfortunately, there's no alternative to this. We know that ephemeral / dynamic secrets are the key to success and we'd need to make this easy for everyone without compromising security.
JFrog Artifactory already integrates with HashiCorp Vault (though not HCP Vault, I believe, atm), so JFrog has partnered with HashiCorp on some levels already. I hope this partnership could be taken to the next level where everyone benefits.