Is it possible to do delegated management

stevefan1999-persona · October 11, 2020, 6:53am

Consider this situation: The customer consented with me to provide his secrets to me for managing/delegating some operations, e.g generate tokens on behalf of the user directly from me, a “trusted” middleman.

Now I don’t know if this is possible to do it with Vault as I see that secret engines maybe the something I needed? So I can enable multiple secret engines under different paths with different secrets right, i.e. I can have two AWS secret engines called A, B where A uses secret key “AAAA” and B uses secret key “BBBB” right?

Wolfsrudel · October 11, 2020, 10:30am

Yes, you can, using the -path argument:

By default, the secrets engine will mount at the name of the engine. To enable the secrets engine at a different path, use the -path argument.

via: AWS - Secrets Engines | Vault | HashiCorp Developer

Topic		Replies	Views
What paths are supported for aws secrets? Vault	17	1038	July 2, 2021
Capability to enable secret engine Vault	3	982	December 16, 2021
How can I list Secrets Engine through API Vault	15	1501	June 1, 2022
Kubernetes Secrets Engine for multiple Kubernetes clusters Vault	7	311	October 2, 2022
Only allow listing specific Secrets Vault	6	1402	September 27, 2021

Is it possible to do delegated management

Related Topics