(no title)
npoturnak | 3 years ago
In an ideal world we would like to be passwordless 100%. And we can already do that with SAML/OIDC apps, SSH, etc. For these flows passwords do not exist.
However, the companies we work with always have some legacy app that just does not support modern identity protocols. For that we have to fill passwords and provide vaulting capabilities to offer end to end experience. The reason we decided to add vault is to make things simple and integrated, so that company does not need to manage separate product. Agreed, 1P and some others are known-and-trusted, but we hope to earn this trust over time. And using our Vault is optional.
Right now we are planning to release RDP support for Windows servers, and then we were planning to focus on adding support for databases. That is why your feedback is critical as we can reassess the priorities regarding Kubernetes.
mdaniel|3 years ago
So, "optional" unless there's a legacy password flow? I'm not trying to be a troll, just understand the line between the value you offer over 1P versus the passwordless claim
> Right now we are planning to release RDP support for Windows servers, and then we were planning to focus on adding support for databases. That is why your feedback is critical as we can reassess the priorities regarding Kubernetes.
Sounds good, but what is the plan for databases and then kubernetes? I know how Hashicorp Vault solves the database problem, and suspect you're going to take the same approach, but any "this is how we think about the world" would be helpful. Same for kubernetes, which thankfully already has strong support for externalized authn
jsethi512|3 years ago
For kubernetes cluster, we will be delivering a kubernetes service that will facilitate to access the cluster remotely from the kubectl.
mdaniel|3 years ago
I thought of another question about this: did you roll your own crypto, or just re-use a proven player like Hashicorp Vault, Bitwarden, Vaultwarden, or similar?
jsethi512|3 years ago