Implement Vault for secret management and key rotation #1363
Description
Inventory of Credentials
Notes added after initial assessment
| Secret Name | Rotatable Keys | Type | Instances | Notes |
|---|---|---|---|---|
| traction-database-pguser-acapy | password | pg user credentials | crunchy postgres cluster | |
| traction-database-pguser-pgadmin | password | pg user credentials | crunchy postgres cluster | |
| traction-database-pguser-walletman | password | pg user credentials | crunchy postgres cluster | |
| traction-database-pgbouncer | pgbouncer-password | pgbouncer credentials | crunchy postgres cluster | |
| traction-database-acapy | acapy-password, walletman-password | pg user credentials | traction acapy pods | |
| traction-database-pgbackrest | pgbackrest cert/keys | crunchy HA pods | potentially rotate the pgbackrest certs/keys | |
| traction-database-replication-cert | ca.crt, tls.crt, tls.key | pg replication cert/key | ||
| traction-database-ha-*-certs | pgbackrest-server.crt, pgbackrest-server.key | crunchy HA pods | potentially rotate pgbackrest stuff | |
| traction-acapy-api | acapy api keys | traction tenant ui | potentially adminApiKey, webhookapi | |
| traction-acapy-plugin-innkeeper | acapy innkeeper key | traction acapy, tenant ui | potentially walletkey | |
| traction-acapy-walletkey | walletKey | acapy wallet key | traction acapy |