Allow disabling Vault SSL verify
aslafy-z opened this issue
Expected Behaviour
VAULT_SKIP_VERIFY=1 himl myvaultyaml.yaml
=> Just works
Actual Behaviour
requests.exceptions.SSLError: HTTPSConnectionPool(host='vault.xx.com', port=443): Max retries exceeded with url: /v1/auth/token/lookup-self (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')))
@aslafy-z is this something we really want? Skipping the certificate validation for a secret store pretty much renders the security model ineffective.
@costimuraru This is supported by the upstream vault client, I think we should expose it as well. Can be useful for dev.
@aslafy-z What I think should be changed is the SSL warning suppression. It should be clear what the connection state is and the warning presented to the user.
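
The following is an added example, not code from this thread or from himl. It sketches how a client could honour `VAULT_SKIP_VERIFY` while keeping the warning visible, and how `VAULT_CACERT` addresses the "unable to get local issuer certificate" error without disabling verification. The function name and the warning class are hypothetical; the boolean spellings follow Go's `strconv.ParseBool`, which the Vault CLI uses for this variable.

```python
import os
import warnings

# Spellings accepted by Go's strconv.ParseBool (used by the Vault CLI).
_TRUE = {"1", "t", "T", "TRUE", "true", "True"}
_FALSE = {"0", "f", "F", "FALSE", "false", "False"}


class InsecureVaultConnectionWarning(UserWarning):
    """Hypothetical warning category: raised loudly, never suppressed."""


def resolve_vault_verify(env=None):
    """Return a requests-style `verify` value (True, False, or a CA bundle path).

    The result can be passed as `verify=` to requests, and to hvac.Client,
    which forwards it to requests.
    """
    env = os.environ if env is None else env

    raw = env.get("VAULT_SKIP_VERIFY", "")
    if raw and raw not in _TRUE | _FALSE:
        # Fail closed on typos instead of silently picking a mode.
        raise ValueError(f"VAULT_SKIP_VERIFY must be a boolean, got {raw!r}")

    if raw in _TRUE:
        # Make the connection state explicit to the user.
        warnings.warn(
            "VAULT_SKIP_VERIFY is set: the Vault server certificate is NOT "
            "verified; use only against development instances",
            InsecureVaultConnectionWarning,
            stacklevel=2,
        )
        return False

    ca_bundle = env.get("VAULT_CACERT")
    if ca_bundle:
        # Preferred fix for a private CA: trust it explicitly, keep verification on.
        if not os.path.isfile(ca_bundle):
            raise FileNotFoundError(f"VAULT_CACERT does not exist: {ca_bundle}")
        return ca_bundle

    return True  # default: verify against the system trust store
```
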