-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Azure secrets engine to use MS Graph #12629
Conversation
@@ -107,7 +107,7 @@ require ( | |||
github.com/hashicorp/vault-plugin-mock v0.16.1 | |||
github.com/hashicorp/vault-plugin-secrets-ad v0.10.0 | |||
github.com/hashicorp/vault-plugin-secrets-alicloud v0.9.0 | |||
github.com/hashicorp/vault-plugin-secrets-azure v0.10.0 | |||
github.com/hashicorp/vault-plugin-secrets-azure v0.6.3-0.20210924190759-58a034528e35 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know why this is going to 0.6.3, but the commit hash is correct.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the repo needs to be tagged to v0.11.0 and we add that here. Thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was going to wait on tagging the repo since I'm going to be working on root credential rotation next. I can tag it now though if you prefer?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah good point, let's wait on tagging.
Pulls in hashicorp/vault-plugin-secrets-azure#67 to start migrating away from the deprecated Azure Active Directory API to the Microsoft Graph API.
Also adds docs for the new feature flag:
use_microsoft_graph_api
and a warning that current users should migrate their configurations before the AAD API is removed by Microsoft.