Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-1487379: Connection Add - PrivateKey support for KeyVaults - as alternate to files #1215

Open
SPSCS-Simon opened this issue Jun 17, 2024 · 1 comment
Open

SNOW-1487379: Connection Add - PrivateKey support for KeyVaults - as alternate to files #1215

SPSCS-Simon opened this issue Jun 17, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@SPSCS-Simon
Copy link

Description

In an IAC world, it is likely that terraform, system users with public/private key credential are set up and the private key is placed in a named, say, an Azure KeyVault (as a secret), as AWS Secret Manager or similar.

On the assumption that one has access to the secret store, it would be good to be able to supply as pat of the connection add the name/type of the (supported) secret store, and secret name, and have the cli pull that secret systematically at runtime.

Context

  • It is not best security practice to keep the private keys as files on the file system.
  • It also does not allow a solution that easily scales across multiple developers. Once the key is in the key store, they can be accessed on demand.

Note: we need to use KeyVault Secrets as there is no way to retrieve the private key, from a Key Vault Key resource. It is assumed the same issue exist with other Key Stores.
@github-actions github-actions bot changed the title Connection Add - PrivateKey support for KeyVaults - as alternate to files SNOW-1487379: Connection Add - PrivateKey support for KeyVaults - as alternate to files Jun 17, 2024
@sfc-gh-pczajka sfc-gh-pczajka added the enhancement New feature or request label Jun 18, 2024
@sfc-gh-turbaszek
Copy link
Contributor

Related to #365

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sfc-gh-turbaszek @SPSCS-Simon @sfc-gh-pczajka