https://community.qlik.com/t5/Suggest-an-Idea/Support-custom-credential-provider-for-AWS-S3-endpoint/idi-p/1780369 <P>I would like to propose and enhancement to the AWS S3 endpoint to support custom credential providers.</P><P>Currently the S3 endpoint support static long living key pair option, EC2 IAM role option or a STS based option.</P><P>All of these options are not part of the security best practices at our enterprise.</P><P>We use Hashicorp Vault to provision temporary, short lived AWS credentials. The AWS S3 endpoint should fetching these temporary credentials from valut and should also support refreshing the credentials seamlessly. The temporary credentials have a session token along with the access key and secret key.</P> Thu, 04 Feb 2021 23:38:52 GMT Prabodh 2021-02-04T23:38:52Z https://community.qlik.com/t5/Suggest-an-Idea/Support-custom-credential-provider-for-AWS-S3-endpoint/idc-p/1780879#M4941 <P>Thank you for the suggestion.&nbsp; We would like to collect feedback from others on direct integration with Hashicorp Vault.</P><P>We do provide a method for integration with external credentials, though it is not optimized for short-lived credentials:&nbsp;<A href="https://help.qlik.com/en-US/replicate/November2020/Content/Replicate/Main/Security/external_credentials.htm" target="_blank">https://help.qlik.com/en-US/replicate/November2020/Content/Replicate/Main/Security/external_credentials.htm</A></P><P>&nbsp;</P> Mon, 08 Feb 2021 14:00:42 GMT https://community.qlik.com/t5/Suggest-an-Idea/Support-custom-credential-provider-for-AWS-S3-endpoint/idc-p/1780879#M4941 Shelley_Brennan 2021-02-08T14:00:42Z https://community.qlik.com/t5/Suggest-an-Idea/Support-custom-credential-provider-for-AWS-S3-endpoint/idc-p/1783079#M5103 <P>Hi Shelley,</P><P>The credential addon will not work for us as it would still require provisioning long-living AWS secret key and access key pair - which is against our security best practices.</P><P>We need the ability to integrate a c<FONT size="3">ustom credential provider for AWS. Check "Specifying a Credential Provider or Provider Chain" and "E</FONT><FONT size="3">xplicitly Specifying Credentials</FONT><FONT size="3">" sections in this <A href="https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html" target="_blank" rel="noopener">AWS documentation</A>. Note: I am providing Java sdk example as it is the best documented.</FONT></P><P><FONT size="3">In our case, we would need the ability to return something similar to <A href="https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/index.html?com/amazonaws/auth/BasicSessionCredentials.html" target="_self">BasicSessionCredentials</A>&nbsp;and expect Replicate to understand it and refresh it once the credentials are nearing expiry. The interface exposed by Replicate would look something similar to <A href="https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/index.html?com/amazonaws/auth/AWSCredentials.html" target="_blank" rel="noopener">AWSRefreshableSessionCredentials</A>.</FONT></P> Tue, 16 Feb 2021 15:18:36 GMT https://community.qlik.com/t5/Suggest-an-Idea/Support-custom-credential-provider-for-AWS-S3-endpoint/idc-p/1783079#M5103 Prabodh 2021-02-16T15:18:36Z https://community.qlik.com/t5/Suggest-an-Idea/Support-custom-credential-provider-for-AWS-S3-endpoint/idc-p/2101533#M14772 <P>From now on, please track this idea from the Ideation portal.&nbsp;</P><P><STRONG><A title="Link to new idea" href="https://ideation.qlik.com/app/#/case/274780" target="_blank" rel="noopener">Link to new idea</A></STRONG></P><P>Meghann</P><P data-unlink="true"><EM>NOTE: Upon clicking this link 2 tabs may open - please feel free to close the one with a login page. If you <STRONG>only</STRONG> see 1 tab with the login page, please try clicking this link first: <STRONG><A title="Authenticate me!" href="#" target="_blank" rel="noopener">Authenticate me!</A></STRONG>&nbsp;t</EM><EM>hen try the link above again. Ensure pop-up blocker is off.</EM></P> Wed, 02 Aug 2023 16:33:40 GMT https://community.qlik.com/t5/Suggest-an-Idea/Support-custom-credential-provider-for-AWS-S3-endpoint/idc-p/2101533#M14772 Meghann_MacDonald 2023-08-02T16:33:40Z https://community.qlik.com/t5/Suggest-an-Idea/Support-custom-credential-provider-for-AWS-S3-endpoint/idc-p/2101534#M14773 Wed, 02 Aug 2023 16:33:42 GMT https://community.qlik.com/t5/Suggest-an-Idea/Support-custom-credential-provider-for-AWS-S3-endpoint/idc-p/2101534#M14773 Ideation 2023-08-02T16:33:42Z