Make `clientSecretAlias` configurable #468

paullatzelsperger · 2024-10-02T06:05:08Z

Feature Request

When ParticipantContexts are created via IH's Identity API, it automatically creates an STS account (if STS is embedded in IH).
In doing so, a client_secret is generated (using a pluggable StsClientSecretGenerator). However, there currently is no way
to influence the alias, under which the client_secret is stored in the Vault, instead, it is hard-coded to "<participant-id>-sts-client-secret".

This is obscure, and could theoretically cause collisions in the Vault.

Which Areas Would Be Affected?

ParticipantContext API

Why Is the Feature Desired?

Configurability, avoid collisions in the Vault

Solution Proposal

Add to the ParticipantManifest a map of extensible properties

The text was updated successfully, but these errors were encountered:

paullatzelsperger added api enhancement New feature or request labels Oct 2, 2024

paullatzelsperger self-assigned this Oct 2, 2024

github-actions bot added the triage all new issues awaiting classification label Oct 2, 2024

paullatzelsperger removed the triage all new issues awaiting classification label Oct 2, 2024

paullatzelsperger mentioned this issue Oct 2, 2024

feat: allow customization of the STS Account's secret_alias #469

Merged

paullatzelsperger closed this as completed in #469 Oct 2, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make `clientSecretAlias` configurable #468

Make `clientSecretAlias` configurable #468

paullatzelsperger commented Oct 2, 2024

Make clientSecretAlias configurable #468

Make clientSecretAlias configurable #468

Comments

paullatzelsperger commented Oct 2, 2024

Feature Request

Which Areas Would Be Affected?

Why Is the Feature Desired?

Solution Proposal

Make `clientSecretAlias` configurable #468

Make `clientSecretAlias` configurable #468