OpenBAO: Manage, store, and distribute sensitive data
22 points by poly2it
by EnigmaCurry
0 subcomment
Not directly related to openbao, but I've thought about this for awhile that I'd like to use ssh certificates instead of ssh keys to allow an agent a time limited SSH access to a server, and that seems to work for gating the initial connection, but I haven't yet figured out how to enforce the established connection dies after a certain time. I could maybe hand roll a solution with ExposeAuthInfo and ForceCommand wrapper, but it feels like this sort of thing should be handled delicately..
by elevation
1 subcomments
My dream configuration in the past was Vault, protected by step-ca's ACME implementation, with an IdP like KanIDM for SSO.
But it seems like there is so much feature creep: OpenBao now has its own ACME server. And KanIDM is considering it... Why is every app vying to be my root of trust?
by aiman_alsari
1 subcomments
Ever since the IBM acquisition of Hashi I've been using this a lot more with my clients to save cost