Option to allow TLS based communication with Zookeeper Backend #4907

Closed
palsaurabh2005 opened this issue Jul 11, 2018 · 2 comments

Contributor

palsaurabh2005 commented Jul 11, 2018

Is your feature request related to a problem? Please describe.
Zookeeper supports TLS based communication with clients. Vault should also be able to provide an option using configuration to enable TLS based communication with a Zookeeper Backend.

Describe the solution you'd like
Based on TLS related properties defined in the Zookeeper backend 'stanza' in Vault config, Vault should enable a TLS context to talk to Zookeeper backend.

Explain any additional use-cases
When verifying the Certificate presented by the Zookeeper backend, Vault should be able to verify the certificate's CN/SAN using either the IP address or DNS. Option to do so will be provided using a config flag. Default would be the DNS name.

Additional context
There is a closed issue pertaining to the same feature request (#1652). I am submitting this as a new issue, since I have not been able to gather attention to the pull request for this feature request.

CC: @devth @sherzberg @kenbreeman @elupu @reegz
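
The CN/SAN check described in the request above, as an added Go example that is not part of the original issue or of Vault's code. The helper names, the `verifyByIP` flag, the host name and the IP address are all hypothetical or constructed; the example only shows how a DNS-by-default, IP-by-option identity check behaves with Go's standard verifier.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func makeCert(dnsNames []string, ips []net.IP) (*x509.Certificate, error) { // constructed sample cert
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "zk1.example.internal"}, // constructed name
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsNames,
		IPAddresses:  ips,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyServerIdentity (hypothetical) checks the DNS name by default, or the peer IP when
// verifyByIP is set. crypto/x509 matches SANs only; a name present only in the CN fails.
func verifyServerIdentity(cert *x509.Certificate, host string, ip net.IP, verifyByIP bool) error {
	if verifyByIP {
		return cert.VerifyHostname(ip.String())
	}
	return cert.VerifyHostname(host)
}

func main() {
	cert, err := makeCert([]string{"zk1.example.internal"}, nil) // DNS SAN only
	if err != nil {
		panic(err)
	}
	fmt.Println("DNS mode:", verifyServerIdentity(cert, "zk1.example.internal", net.ParseIP("10.0.0.5"), false))
	fmt.Println("IP mode: ", verifyServerIdentity(cert, "zk1.example.internal", net.ParseIP("10.0.0.5"), true))
}
```

A certificate issued with only a DNS SAN fails once IP verification is switched on, so the certificates on the Zookeeper side have to carry the SAN type that matches the chosen mode.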

@palsaurabh2005
Contributor Author

@jefferai
Member

Closing, essentially a duplicate of the PR the author previously made.
