Support for Cloud vaults

[bshaaban]

Hello Notary project members, this is my first issue here and hopefully I'll be starting to contribute soon as well.

I've seen there's been an issue created about vault credentials exchange alternatives where Azure cloud is mentioned in the comments.

But I have not seen an official cloud vault integration support mentioned in the spec nor in this implementation. I'm wondering if this is something that can be added somewhere or mentioned in the specs?

In addition to Azure Cloud, I think the community would be interested in AWS KMS, HashiCorp's Vault and probably Google's GCP.

Thanks for your input and looking forward to working with the community.

[SteveLasker]

Hi @bshaaban, thanks for the issue.
We have implemented notation-azure-kv and are looking for help implementing a hashicorp plug-in, as well as any other plug-ins.
Please see the draft extensibility spec for details, and the notation-azure-kv for a reference implementation.

The design of notary's extensibility is the flexibility for someone to implement, support and innovate their cloud provider without any dependency on the notary maintainers. Otherwise, a critical servicing event could block a cloud or project.

Closing as I think we've captured this issue, and look forward to new issues, or possibly a hashicorp or other cloud provider/project implementation.

[bshaaban]

Thanks @SteveLasker for the reply and the links. I'll try to help when I can soon.