I am missing Vault in the checkpoint api (https://checkpoint-api.hashicorp.com) for checking the actual version (e.g. https://checkpoint-api.hashicorp.com/v1/check/consul). Is this intended?
Could you furthermore add more HashiCorp products? My personal wishlist would be:
- consul-template
- consul-aws
- consul-esm
- consul-replicate
- envconsul
- vault-ssh-helper
Kind regards,
Tobias
Hi Tobias,
As a Vault dev, I was previously unfamiliar with this page. I did notice that it says, “Note that Vault, Sentinel, Serf, and Terraform Providers are intentionally not integrated with Checkpoint.” I asked the team about it and it sounds like we didn’t want it phoning home to learn the Vault version.
I will open a feature request internally to add these and link the request to this.
-B
Hi Tobias,
If you haven’t already, can you open the consul-related piece of your request on the Consul forum? I have opened a ticket internally related to the Vault pieces of your request.
Thanks!
Becca
Oh, sorry, so I missed the note about not phoning home. But just thought so. Thanks for the hint.
Yes, I’ll do. Thanks a lot.
Do you have an update on this?
You started discussing this in Aug. 2019, but it’s still not working.
As it is current - and always has been - it is intentional. This ended the discussion in 2019.
Sorry, I didn’t want to tease you or anyone, but I’m puzzled by the assertion: “we didn’t want it phoning home to learn the Vault version”.
I understand that they don’t want to give their number to anyone, but I wonder if it’s possible for the API to phone Fastly instead of calling Hashicorp.
Fastly is the CDN used by Hashicorp and it has an API (but as far as I understand it requires a token).
Right now I am checking the version against Fastly, without API, as follows:
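```bash
# Vault is not in Checkpoint, so scrape the releases index for it instead.
if [[ $PROG_NAME == 'vault' ]]; then
    # Keep release links only, skip enterprise (+ent) and pre-release builds,
    # then take the highest remaining version number.
    PROG_VERSION=$(
        curl -s "https://releases.hashicorp.com/${PROG_NAME}/" |
            awk -v pat="href=\"/$PROG_NAME" -F'/' '$0 ~ pat && !/\+ent/ && !/-beta/ && !/-alpha/ && !/-rc/ { gsub(/[-+].*/, ""); print $3 }' |
            sort --version-sort --unique |
            tail -1
    )
else
    # Every other product: ask the Checkpoint API.
    PROG_VERSION=$(curl -s "https://checkpoint-api.hashicorp.com/v1/check/$PROG_NAME" | jq -Mr .current_version)
fi
```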
But at Hashicorp they can use this API.
If you had it regularly phoning home with the current version then if there was some sort of data breach you’d have a nice handy list of IP addresses for every version of Vault - including any which might have security issues.
And what if I create an API on api.maxadamo.com (no such domain exists and I’m not going to create any API: it’s a paradoxical example) which fetches this data either from Github or from Fastly, and makes it available for everyone?
Do I get a cease and desist letter from Hashicorp?
You can get the version number from Fastly, from Github, you can create your own, but they can’t use their own API.
I am sure that I am missing something.