Describe the Bug
Default configuration results in certificates being created by the plugin and stored in the vault.db that are never reaped:
| | no_store = T | no_store = F (default) |
|---|---|---|
| generate_lease = T | do not store cert | reap cert on expiry |
| generate_lease = F (default) | do not store cert | keep all certs FOREVER |
To Reproduce
Steps to reproduce the behavior:
- Install the Plugin
- Configure a secret mount, but don't change no_store or generate_lease values
- Create certs
- ... now how do you clear them up?
Expected Behavior
These two interrelated parameters should be encapsulated in a single “enum” setting. Short of that it should absolutely not be possible for both to be true, or both to be false and a safe default should be provided (probably generate_lease=true).
Product Deployment
Please complete the following information:
- Deployment format: Plugin
- Version: 1.5.0
Desktop
Please complete the following information:
- OS: Linux (Ubuntu)
- Browser: N/A
- Version: ?
Additional Context
Turns out >1M certs really ups the CPU, Memory, and Latency of Vault!
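One way the single-setting behaviour requested under Expected Behavior could be resolved from the two existing flags, as an added Go example (not the plugin's code). `Retention`, `Role`, `Resolve` and the mode names are hypothetical; only `no_store` and `generate_lease` come from the report. An unset `generate_lease` is treated as the opposite of `no_store`, so the default lands on "lease" without making `no_store=true` on its own a conflict.

```go
package main

import (
	"errors"
	"fmt"
)

// Retention is a hypothetical single setting standing in for the two booleans.
type Retention string
const (
	ModeNoStore Retention = "no_store" // certificate is never written to storage
	ModeLease   Retention = "lease"    // stored with a lease, reaped on expiry
)

var ErrAmbiguous = errors.New("no_store and generate_lease must differ")
// Role holds the two flags as the operator wrote them; nil means "not set".
type Role struct {
	Name                   string
	NoStore, GenerateLease *bool
}

// Resolve maps the flags to one mode; unset generate_lease defaults to !no_store.
func Resolve(r Role) (Retention, error) {
	ns := r.NoStore != nil && *r.NoStore
	gl := !ns
	if r.GenerateLease != nil {
		gl = *r.GenerateLease
	}
	if ns == gl { // both true, or both false (the "keep forever" cell)
		return "", ErrAmbiguous
	}
	if ns {
		return ModeNoStore, nil
	}
	return ModeLease, nil
}

func main() {
	t, f := true, false
	roles := []Role{ // constructed sample roles
		{Name: "defaults"},
		{Name: "ephemeral", NoStore: &t},
		{Name: "forever", NoStore: &f, GenerateLease: &f},
	}
	for _, r := range roles {
		mode, err := Resolve(r)
		fmt.Printf("%-10s mode=%q err=%v\n", r.Name, mode, err)
	}
}
```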