Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Suggest an Idea

Vote for your favorite Qlik product ideas and add your own suggestions.

Announcements
This page is no longer in use. To suggest an idea, please visit Browse and Suggest.

Support custom credential provider for AWS S3 endpoint

Prabodh
Creator II
Creator II
‎2021-02-04 06:38 PM

Support custom credential provider for AWS S3 endpoint

I would like to propose and enhancement to the AWS S3 endpoint to support custom credential providers.

Currently the S3 endpoint support static long living key pair option, EC2 IAM role option or a STS based option.

All of these options are not part of the security best practices at our enterprise.

We use Hashicorp Vault to provision temporary, short lived AWS credentials. The AWS S3 endpoint should fetching these temporary credentials from valut and should also support refreshing the credentials seamlessly. The temporary credentials have a session token along with the access key and secret key.

Status: Closed - Archived Submitted by Creator II on ‎2021-02-04 06:38 PM
870 Views
4 Comments
Shelley_Brennan
Former Employee
Former Employee
‎2021-02-08 09:00 AM

Thank you for the suggestion.  We would like to collect feedback from others on direct integration with Hashicorp Vault.

We do provide a method for integration with external credentials, though it is not optimized for short-lived credentials: https://help.qlik.com/en-US/replicate/November2020/Content/Replicate/Main/Security/external_credenti...

 

Status changed to: Open - Collecting Feedback
Prabodh
Creator II
Creator II
‎2021-02-16 10:18 AM

Hi Shelley,

The credential addon will not work for us as it would still require provisioning long-living AWS secret key and access key pair - which is against our security best practices.

We need the ability to integrate a custom credential provider for AWS. Check "Specifying a Credential Provider or Provider Chain" and "Explicitly Specifying Credentials" sections in this AWS documentation. Note: I am providing Java sdk example as it is the best documented.

In our case, we would need the ability to return something similar to BasicSessionCredentials and expect Replicate to understand it and refresh it once the credentials are nearing expiry. The interface exposed by Replicate would look something similar to AWSRefreshableSessionCredentials.

Meghann_MacDonald
Employee
Employee
‎2023-08-02 12:33 PM

From now on, please track this idea from the Ideation portal. 

Link to new idea

Meghann

NOTE: Upon clicking this link 2 tabs may open - please feel free to close the one with a login page. If you only see 1 tab with the login page, please try clicking this link first: Authenticate me! then try the link above again. Ensure pop-up blocker is off.

Ideation
Explorer II
Explorer II
‎2023-08-02 12:33 PM
 
Status changed to: Closed - Archived
Subscribe by Topic