feat(security): Add secret store config for delayed start (#3948)

Signed-off-by: Bryon Nevis <[email protected]>
edgexfoundry · Apr 19, 2022 · 6b188fc · 6b188fc
1 parent b6a3d65
commit 6b188fc
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 3 deletions.
diff --git a/cmd/core-data/res/configuration.toml b/cmd/core-data/res/configuration.toml
@@ -84,3 +84,11 @@ RootCaCertPath = ""
 ServerName = ""
   [SecretStore.Authentication]
   AuthType = "X-Vault-Token"
+  [SecretStore.RuntimeTokenProvider]
+  Enabled = false
+  Protocol = "https"
+  Host = "localhost"
+  Port = 59841
+  TrustDomain = "edgexfoundry.org"
+  EndpointSocket = "/tmp/edgex/secrets/spiffe/public/api.sock"
+  RequiredSecrets = "redisdb"
diff --git a/cmd/core-metadata/res/configuration.toml b/cmd/core-metadata/res/configuration.toml
@@ -67,4 +67,11 @@ RootCaCertPath = ""
 ServerName = ""
   [SecretStore.Authentication]
   AuthType = "X-Vault-Token"
-
+  [SecretStore.RuntimeTokenProvider]
+  Enabled = false
+  Protocol = "https"
+  Host = "localhost"
+  Port = 59841
+  TrustDomain = "edgexfoundry.org"
+  EndpointSocket = "/tmp/edgex/secrets/spiffe/public/api.sock"
+  RequiredSecrets = "redisdb"
diff --git a/cmd/security-proxy-setup/res/configuration.toml b/cmd/security-proxy-setup/res/configuration.toml
@@ -58,6 +58,14 @@ RootCaCertPath = ""
 ServerName = ""
   [SecretStore.Authentication]
   AuthType = "X-Vault-Token"
+  [SecretStore.RuntimeTokenProvider]
+  Enabled = false
+  Protocol = "https"
+  Host = "localhost"
+  Port = 59841
+  TrustDomain = "edgexfoundry.org"
+  EndpointSocket = "/tmp/edgex/secrets/spiffe/public/api.sock"
+  RequiredSecrets = "redisdb"
 
 [Routes]
   [Routes.core-data]

diff --git a/cmd/security-spiffe-token-provider/res/configuration.toml b/cmd/security-spiffe-token-provider/res/configuration.toml
@@ -50,6 +50,14 @@ RootCaCertPath = ""
 ServerName = ""
   [SecretStore.Authentication]
   AuthType = "X-Vault-Token"
+  [SecretStore.RuntimeTokenProvider]
+  Enabled = false # This is the implementation of RuntimeTokenProvider; must always be false!
+  Protocol = ""
+  Host = ""
+  Port = 0
+  TrustDomain = ""
+  EndpointSocket = ""
+  RequiredSecrets = ""
 
 [SPIFFE]
   EndpointSocket = "/tmp/edgex/secrets/spiffe/public/api.sock"

diff --git a/cmd/support-notifications/res/configuration.toml b/cmd/support-notifications/res/configuration.toml
@@ -71,4 +71,11 @@ SecretsFile = ""
 DisableScrubSecretsFile = false
   [SecretStore.Authentication]
   AuthType = "X-Vault-Token"
-
+  [SecretStore.RuntimeTokenProvider]
+  Enabled = false
+  Protocol = "https"
+  Host = "localhost"
+  Port = 59841
+  TrustDomain = "edgexfoundry.org"
+  EndpointSocket = "/tmp/edgex/secrets/spiffe/public/api.sock"
+  RequiredSecrets = "redisdb"
diff --git a/cmd/support-scheduler/res/configuration.toml b/cmd/support-scheduler/res/configuration.toml
@@ -69,4 +69,11 @@ RootCaCertPath = ""
 ServerName = ""
   [SecretStore.Authentication]
   AuthType = "X-Vault-Token"
-
+  [SecretStore.RuntimeTokenProvider]
+  Enabled = false
+  Protocol = "https"
+  Host = "localhost"
+  Port = 59841
+  TrustDomain = "edgexfoundry.org"
+  EndpointSocket = "/tmp/edgex/secrets/spiffe/public/api.sock"
+  RequiredSecrets = "redisdb"
diff --git a/cmd/sys-mgmt-agent/res/configuration.toml b/cmd/sys-mgmt-agent/res/configuration.toml
@@ -74,3 +74,11 @@ RootCaCertPath = ""
 ServerName = ""
   [SecretStore.Authentication]
   AuthType = "X-Vault-Token"
+  [SecretStore.RuntimeTokenProvider]
+  Enabled = false
+  Protocol = "https"
+  Host = "localhost"
+  Port = 59841
+  TrustDomain = "edgexfoundry.org"
+  EndpointSocket = "/tmp/edgex/secrets/spiffe/public/api.sock"
+  RequiredSecrets = "redisdb"