Astra DB Plugin for HashiCorp Vault

DataStax Astra DB Plugin for HashiCorp Vault is an open-source project that adds dynamic token lifecycle management features for Astra DB. Due to the nature of the Astra DB object hierarchy, by default, API tokens are not associated with specific users and currently the tokens do not have metadata descriptions.

For more details, see the full Astra DB Plugin for HashiCorp Vault documentation in the plugin’s open-source GitHub repo.

Without the plugin, it’s easy to lose track of:

  • Who created tokens

  • The purpose of each token

  • Which tokens are being used actively

Consequently, there’s no audit trail of who has downloaded and used tokens, and there’s no tracking regarding who may have manually shared tokens with others.

Astra DB Plugin for HashiCorp Vault solves these security management issues. To ensure that your token ownership and usage are well understood, the plugin gives you the ability to associate metadata with tokens—such as the user who created each token, and what it is being used for. The plugin also logs who has accessed the tokens and provides dynamic token management.

Specifically, you can:

  • Define a default lease time

  • Create new tokens with lease settings

  • List tokens by each one’s Client ID

  • View lease details

  • List all leases

  • Renew a lease

  • Revoke a token/lease before the lease expires

  • Delete a token

What is Hashi Vault?

HashiCorp Vault is a widely-used solution across the tech industry. It’s an identity-based secrets and encryption management system. HashiCorp Vault from HashiCorp provides key-value encryption services that are gated by authentication and authorization methods. Access to tokens, secrets, and other sensitive data are securely stored, managed, and tightly controlled. Audit trails are provided. HashiCorp Vault is also extensible via a variety of interfaces, allowing plugins (including Astra DB Plugin for HashiCorp Vault) to contribute to this ecosystem.

What’s next?

See the full Astra DB Plugin for HashiCorp Vault documentation in the plugin’s open-source GitHub repo.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com