Implement credential managers as var sources
vito opened this issue · comments
Alex Suraci commented
Summary
This issue is for implementing concourse/rfcs#39 as described.
As var_sources
is already experimentally implemented as of v5.8.0, this issue tracks the following delta:
- Enforce that var source names are valid identifiers (#5810)
- Implement support for JSON-quoted secret paths:
((foo."bar:baz.buzz".quuz))
(this would also fix #4249) - Implement each credential manager as a var source, taking special care to think of how they should work as a var source.
- This is an opportunity to clean up behavior that might no longer be necessary. For example, do we still need the default lookup paths for Vault?
This issue does not include Prototype-based var sources, and does not include cluster-wide var sources. These are both things that we want, but they were left out of scope of the RFC for now.
Context
- RFC: concourse/rfcs#39
Miclain K Keffeler commented
This is a must have, we are very much blocked in using concourse right now for some use cases due to the json syntax issue