Astra DB plugin for HashiCorp Vault
The Astra DB plugin for HashiCorp Vault is an open-source project that adds dynamic application token lifecycle management features for Astra DB organizations.
What is HashiCorp Vault?
HashiCorp Vault is an identity-based secrets and encryption management system that provides key-value encryption services gated by authentication and authorization methods.
With HashiCorp Vault, tokens, secrets, and other sensitive data are securely stored and managed, access to them is tightly controlled, and audit trails are provided. HashiCorp Vault is also extensible via a variety of interfaces, allowing plugins, including the Astra DB Serverless database plugin for HashiCorp Vault, to contribute to this ecosystem.
By default, Astra DB application tokens aren’t associated with specific users, and the tokens don’t have metadata descriptions. The Astra DB plugin for HashiCorp Vault allows you to add metadata to tokens, such as the creator’s identity and the purpose of the token. Specifically, you can do the following:
- Define a default lease time
- Create new tokens with lease settings
- List tokens by Client ID
- View token lease details
- List all token leases
- Renew a token lease
- Revoke a token or lease before the lease expires
- Delete a token
The plugin tracks token creators, token purposes, and tokens that are actively in use. The plugin does not track token downloads, token usage, or token sharing.
To configure and use the plugin, go to the GitHub repository for the Astra DB plugin for HashiCorp Vault.