Built-in Vault Connectors (HashiCorp Vault, Azure Key Vault, AWS Secrets Manager)
Module
Integrations
Status
IMPLEMENTED
Description
Three vault connectors using raw HTTP clients: HashiCorp Vault (Token, AppRole, Kubernetes auth), Azure Key Vault (Service Principal, Managed Identity), and AWS Secrets Manager (IAM SigV4). Unified secret resolution interface for integration configuration encryption.
Implementation Details
- Integration core: src/Integrations/__Libraries/StellaOps.Integrations.Core/Integration.cs -- base integration with vault-type references for HashiCorp Vault, Azure Key Vault, AWS Secrets Manager
- Integration models: src/Integrations/__Libraries/StellaOps.Integrations.Core/IntegrationModels.cs -- vault connection configuration models
- Integration enums: src/Integrations/__Libraries/StellaOps.Integrations.Core/IntegrationEnums.cs -- vault type enumerations
- Connector plugin contract: src/Integrations/__Libraries/StellaOps.Integrations.Contracts/IIntegrationConnectorPlugin.cs -- unified secret resolution interface
- Integration service: src/Integrations/StellaOps.Integrations.WebService/IntegrationService.cs -- manages vault connector instances
- Persistence: src/Integrations/__Libraries/StellaOps.Integrations.Persistence/PostgresIntegrationRepository.cs -- vault configuration persistence
- Infrastructure: src/Integrations/StellaOps.Integrations.WebService/Infrastructure/Abstractions.cs, DefaultImplementations.cs -- vault-agnostic abstractions
- Tests: src/Integrations/__Tests/StellaOps.Integrations.Tests/IntegrationServiceTests.cs
- Source: SPRINT_20260110_102_005_INTHUB_vault_connector.md
E2E Test Plan
- Verify HashiCorp Vault connector authenticates via Token, AppRole, and Kubernetes auth
- Test Azure Key Vault connector with Service Principal and Managed Identity
- Verify AWS Secrets Manager connector uses IAM SigV4 signing
- Test unified secret resolution interface across all vault types
- Verify vault credential encryption in persistence layer