Forced Vault Operation?

[lautarodragan]

Currently, Frost is running a mountAuthTune operation on Vault every time it starts.

frost-api/src/app.ts

Lines 31 to 38 in 82eb368

	if (!configuration.skipVault)
	try {
	Vault.config(configurationVault)
	if (!configurationVault.token) await initVault()
	await Vault.mountAuthTune()
	} catch (e) {
	logger.error(e, 'Error with Vault')
	}

This happens even if a Vault token is provided.

frost-api/src/utils/Vault/Vault.ts

Lines 74 to 84 in 4dc8bc7

	export async function mountAuthTune() {
	await this.vault.mounts()
	return this.vault.mount({
	mount_point: 'auth/token/tune',
	type: 'auth',
	description: 'auth tune',
	default_lease_ttl: 720,
	max_lease_ttl: 4611686018, // ~146 years
	force_no_cache: false,
	})
	}

This is running a POST /sys/mounts/auth/token/tune.

More research is needed here, but we:

• want to remove any vault initialization or configuration code from Frost,
• should check whether this code is really needed and
• should make sure our docker images are doing this and do not depend on the code.

At the very least we should be able to move it out of app and into initVault.

[lautarodragan]

Superseded by #988