Vault

4 Topics 108 Posts
  • Vault - Package Updates

    Pinned
    90
    0 Votes
    90 Posts
    32k Views
    Package Updates
    [1.81.4]
    Update vault to 1.20.4
    Full Changelog
    core: Update github.com/ulikunitz/xz to fix security vulnerability GHSA-25xm-hr59-7c27. (ce4b4264)
    database/snowflake: Update plugin to v0.14.2 (9f06df77)
    Raft: Auto-join will now allow you to enforce IPv4 on networks that allow IPv6 and dual-stack enablement, which is on by default in certain regions. (1fd38796)
    auth/cert: Support RFC 9440 colon-wrapped Base64 certificates in x_forwarded_for_client_cert_header, to fix TLS certificate auth errors with Google Cloud Application Load Balancer. [GH-31501]
    secrets/database (enterprise): Add support for reading, listing, and recovering static roles from a loaded snapshot. Also add support for reading static credentials from a loaded snapshot. (24cd1aa5)
    secrets/ssh: Add support for recovering the SSH plugin CA from a loaded snapshot (enterprise only). (0087af9d)
    auth/cert: Recover from partially populated caches of trusted certificates if one or more certificates fails to load. [GH-31438]
    core: Role based quotas now work for cert auth (fc775dea)
    sys/mounts: enable unsetting allowed_response_headers [GH-31555]
    ui: Fix page loading error when users navigate away from identity entities and groups list views. (81170963)
  • Vault - OIDC Support

    5
    0 Votes
    5 Posts
    858 Views
    C
    @joseph I agree. I looked at some of the implementation requirements and it takes effort. With each Cloudron app update and server reboot, it requires a process to "turn on" the server. That involves presenting several keys to unlock the server. For large companies with dev ops resources, this is doable. But for smaller companies, it is too much effort with a huge risk of bringing down applications if you miss a secrets server reboot.
  • Vaultwarden vs Vault

    8
    1 Votes
    8 Posts
    5k Views
    marcusquinn
    @scooke Think of Vault as kinda like Bitwarden but for code to lookup with. Unless you're coding access to things, I don't think you'd need it.
  • Vault process running out of memory--plenty of memory available.

    Moved oom
    5
    0 Votes
    5 Posts
    2k Views
    girish
    @mastadamus I will bump up the memory limit for vault. https://learn.hashicorp.com/tutorials/vault/reference-architecture says 4-8GB is recommended. Currently, the cloudron package runs at 256MB! Also, as you guessed, it's only the vault container that is dying and the server is not affected (I guess that's one of the main benefits of running in containers, a single app cannot bring down a system).