Does Integrated Storage support watch feature like provided by Consul?
Hi @sameergn ,
Your question is a bit confusing, as Consul watches are a user facing feature, whereas Vault’s Integrated Storage is an internal implementation detail that users of Vault do not directly interact with.
But, no, Vault doesn’t have a feature similar to this.
The background to my question is as follows.
We want to watch for changes in vault secrets.
Suggestion is to use watch mechanism in the backing store used by vault to store secrets.
E.g. If consul is used to store vault secrets, then an HTTP endpoint can be configured to receive updates.
Since vault natively supports “Internal Raft based” storage, wanted to know if it provides any similar watch mechanism.
Ah, that makes sense.
I wouldn’t really recommend trying that with Consul, as it means giving ordinary users of Vault full access to the backing data - which, OK, is encrypted, still weakens the overall defence in depth.
In any case, no such similar approach is possible with Integrated Storage, which cannot be directly interacted with bypassing Vault at all.