Centralized Monotonic ID generator in Vault

Hope everybody had a great Labor Day weekend, for those that had one!

Interesting problem here… we need to have a centralized monotonic ID generator (distributed across half a dozen services) and wondering if I can use Vault for this purpose (this is in code that’s already using Vault).

Longer term we are going to develop a new Vault plug-in (for other reasons) and can add functionality for this at that time. Otherwise, we’d have to develop some kind of centralized safe ID generator.

But in the meantime I was wondering if there was a path for a quick win using Vault. Examples that come to mind:

  • Using a KV key version # as a proxy for a generated ID by just updating the same key repeatedly (are there any limits/maxima here that I need to be concerned with?)
  • If the above not viable, is there a mechanism to generate a new key value from an existing key value, with appropriate locking to avoid any race conditions?

Admittedly, it’s an abuse of Vault functionality… but I was just checking to see if there’s an existing path using Vault before we go to the effort of developing some safe, centralized solution or custom plug-in to overkill this straightforward requirement.