I need to write a custom secret backend. Conceptually, it will look like the
transit backend with an API that looks like this:
- Create a key that will stay in the backend
- Encrypt the data using a proprietary algorithm (but don’t store it)
- Decrypt the data (you must specify the key identifier)
Key generation and encryption are custom. I have the mock sample in Vault guides running, but it stores the secrets in a Go map, in memory. I want them persistent and encrypted.
I was reading through the transit source and I need some help… Is there an internal piece of Vault that will provide me with a Go interface (or similar) that I can call to store the secret my custom backend generated, or must I handle that myself?