
FAQ - Vault Integration

Detail

Vault Integration has been supported since Aerospike version 5.1. For details, refer to the documentation about Vault Integration.

Answer

What encoding is the value stored in the secret?

The value must be stored base64-encoded.


What happens when the Vault token expires?

If the Vault auth token expires during server runtime, all Vault requests from that point on will fail. Since Aerospike does not cache Vault secrets, the failure occurs the next time a secret is needed.
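Because nothing is cached, token expiry is worth alerting on before it happens. The following is an added example, not Aerospike or Vault code: it classifies the JSON body returned by Vault's auth/token/lookup-self endpoint. The sample response, the function name and the warn_seconds threshold are assumptions made for illustration.

```python
import json

# Constructed sample of an auth/token/lookup-self response body.
# All values are made up for this example.
SAMPLE_LOOKUP = json.loads("""
{"data": {"display_name": "token-aerospike", "policies": ["aerospike-read"],
          "creation_ttl": 2764800, "ttl": 5400, "renewable": true,
          "expire_time": "2030-01-01T00:00:00Z"}}
""")


def assess_token(lookup, warn_seconds=86400):
    """Classify the token Aerospike uses as OK, WARN or CRITICAL.

    warn_seconds is a hypothetical alerting threshold, not an Aerospike setting.
    """
    # Vault rejects an expired or revoked token with {"errors": [...]}.
    if "errors" in lookup:
        return ("CRITICAL", "lookup rejected (%s): Vault requests will fail"
                % "; ".join(lookup["errors"]))
    data = lookup["data"]
    ttl = int(data.get("ttl", 0))
    # Vault reports ttl 0 and a null expire_time for tokens that never expire.
    if ttl == 0 and data.get("expire_time") is None:
        return ("OK", "token has no expiry")
    if ttl <= 0:
        return ("CRITICAL", "token expired: every Vault request now fails")
    if ttl < warn_seconds:
        action = "renew it" if data.get("renewable") else "replace it"
        return ("WARN", "token expires in %.1f h: %s before the next secret "
                        "read (e.g. auth-password-file on a new XDR connection)"
                % (ttl / 3600, action))
    return ("OK", "token valid for %d more seconds" % ttl)


if __name__ == "__main__":
    status, detail = assess_token(SAMPLE_LOOKUP)
    print("%s: %s" % (status, detail))
```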


When are secrets pulled from the vault?

The following parameters can be secured with Vault.

  • auth-password-file

  • cert-file

  • encryption-key-file

  • encryption-old-key-file

  • feature-key-file

  • key-file

  • key-file-password

  • query-user-password-file

Each parameter is read only once, at server startup, except for auth-password-file. On new XDR connections (e.g. the initial connection or churn from timeouts), auth-password-file is queried from Vault. Thus, if TLS files, encryption files, or feature files stored in Vault need to be refreshed, the Aerospike cluster must be restarted in a rolling fashion for the new files to take effect.
 

Applies To Earliest Version

5.1

Applies To Latest Version

Current Version