I'm new to HashiCorp Vault and I'm trying to authenticate using TLS.
How do I go about it?
I would like to ask if it is possible to set up a new AWS Dynamo connection with an access key, access secret and access token in DBeaver, which I have available in my AWS SSO account.
In DBeaver I'm able to enter the access key and access secret, but the access token field is missing in the connection settings.
Cloud Composer doesn't support SMTP password storage in the environment. According to the tutorial, we can specify a command that returns the SMTP password. I have tried a bash command to export an env var from airflow.cfg but failed to store the password in airflow.cfg.
Our G Suite credential is stored in LastPass, so the ideal way is to connect Composer with LastPass to retrieve the LDAP credential. Some applicable solutions I can think of right now:
1) move the credential from LastPass to Vault, enable Vault in Composer via ssh and use vault kv get airflow/connections/smtp_default in Composer's smtp_password_cmd;
2) create connections in Airflow with LastPass and retrieve them with airflow.hooks.base in the code base (might need excessive config for security reasons);
3) the easiest way, hide the hardcoded Gmail password somewhere (not sure where though).
Can someone point me in the right direction on how to retrieve the LDAP credential from third-party storage (we don't want to use Google secrets at this moment) in Cloud Composer?
You can use an existing secrets backend or add your own custom secrets backend if none of the existing backends is good for you. The existing backends you can use are Vault, Google secrets and Amazon secrets, but rolling your own backend is super simple if none of the existing ones suit you.
https://airflow.apache.org/docs/apache-airflow/2.2.0/security/secrets/secrets-backend/index.html
In the case of SMTP you need to define a connection (any type, http will do), which you have to specify via its connection id (and the connection should have the user/password for SMTP).
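The setup described in the answer above, combined with the Vault path from the question, shown in airflow.cfg form (on Cloud Composer the same section/key pairs are applied as Airflow configuration overrides). This is an added example, not part of the original posts; the Vault URL, token path, SMTP host and mail address are placeholders, and the auth settings are an assumption about the Vault setup.

```ini
# Constructed example. Assumes the apache-airflow-providers-hashicorp package
# is installed and a KV v2 engine is mounted at "airflow" in Vault.

[secrets]
backend = airflow.providers.hashicorp.secrets.vault.VaultBackend
# Connections are looked up at <mount_point>/<connections_path>/<conn_id>,
# i.e. airflow/connections/smtp_default for the connection used below.
# token_path keeps the Vault token itself out of the Airflow configuration.
backend_kwargs = {"url": "https://vault.example.internal:8200", "mount_point": "airflow", "connections_path": "connections", "auth_type": "token", "token_path": "/path/to/vault-token"}

[email]
email_backend = airflow.utils.email.send_email_smtp
# Login and password are read from this connection, resolved through the
# secrets backend above instead of the metadata database.
email_conn_id = smtp_default

[smtp]
# Host, port and TLS settings still come from this section.
smtp_host = smtp.example.com
smtp_port = 587
smtp_starttls = True
smtp_ssl = False
smtp_mail_from = airflow@example.com
# No smtp_user / smtp_password / smtp_password_cmd here: the credential
# lives only in Vault.

# The secret is stored once in Vault as a connection URI under the key
# "conn_uri" (percent-encode special characters in the password):
#   vault kv put airflow/connections/smtp_default conn_uri='smtps://USER:URL_ENCODED_PASSWORD@smtp.example.com:465'
```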
I use GKE and an ESP for user authentication. It works well with Keycloak, but now I am trying to do the same with Google Identity Platform and Firebase.
I created an OpenID Connect provider with a client ID and a client secret of an OAuth client. But what is the issuer URL? Documentation:
The provider's Issuer. This should look something like https://example.com. Identity Platform uses this URL to locate the OIDC discovery document (typically found at /.well-known/openid-configuration), which specifies the provider's OAuth endpoints and public keys.
The services on my GKE have no DNS. Is it required to continue?
I also have to use that Issuer URL in the ESP. Do I need Firebase?
I am thinking of using Firebase email/password authentication and I was wondering, does Firebase handle all the encryption? Especially from client to server?
Credentials are sent from the Firebase SDK in your app/web page to the server over an SSL connection. So they're encrypted on a lower level already.
Yes, it is, as described below.
How can I securely store login credentials for a remote service in my web application's database?
I have to allow the web application's administrator to set the username/password for a remote Exchange server. I believe I cannot use hashing since I need the exact password to authenticate to the remote service. I am wondering what is the most secure way to handle this?
There are several options, I believe:
encryption by passphrase: http://technet.microsoft.com/en-us/library/ms190357.aspx
asymmetric key: http://technet.microsoft.com/en-us/library/ms186950.aspx
certificate: http://technet.microsoft.com/en-us/library/ms188061.aspx
symmetric key: http://technet.microsoft.com/en-us/library/ms174361.aspx