Overview​

OpenBao, like its upstream, favors the [raft internal storage engine][raft]. While more complex than relying on a database for replication, this storage engine allows us to have lower latency on read operations, because it uses a [local K/V implementation][bbolt] based on [B+-trees][btree]. For workloads with low writes but high reads (typical of most uses of K/V secrets), this trade off allows for the best performance.

An earlier [blog post][blog-transactions] talked about the availability of transactions in the [main branch][openbao-main], this post will focus on the technical details of implementing transactions.

My Journey Begins​

Hey everyone! I’m Fatima and I’m excited to share how my OpenBao journey started! I had been working on app development but was eager to break into the cybersecurity world. So I browsed through various open-source projects and stumbled upon OpenBao. The project’s purpose caught my interest and, of course, the little bao mascot sealed the deal so I decided to dive in and set it up.

While running OpenBao tests on my Mac, I ran into a minor compatibility error. Instead of getting frustrated, I saw it as an opportunity to contribute. I submitted my first issue to the OpenBao repository, worked on a fix, and a few days later, my pull request (PR) was approved! The excitement of having my first merged PR got me motivated to try out another issue, which also got merged later! After lurking around the repo for a few days, my mentor, Alex reached out to me with this wonderful opportunity and that is how my OpenBao journey began!

Recently we merged the last of the transactional storage pull requests, including PostgreSQL support!

I'm pleased to announce that our first direction and roadmap document has been approved by the TSC!

This represents a major commitment to openness for this project. Historically, upstream hasn't published an open roadmap or collaborated with the community on a shared vision and direction for their project.

\o Hello OpenBao community!

In our last community post, we said:

Join the community and its leadership today.

But you said: it is not clear how!

Good news: Our community roles are approved and live!

OpenBao and upstream lack server-side cross-pluign communication.

As recently seen with an OIDC feature, this shortcoming often needs to be worked around on the client side, potentially exposing sensitive information.

There's usually two paths discussed for cross-plugin communication:

1. Requests bound under the context of the original user token.
2. Designing some other authorization system or an internal API based design.

We asked one of our Gen Z community members to describe OpenBao recently. They wrote the following:

We are thrilled to announce the availability of OpenBao v2.0.0, its initial GA release!

It was fabulous to see contributors and member companies from a wide range of backgrounds come together to support OpenBao over the past several months and build an initial GA release in the open. This release focuses mostly on stabilizing the fork, reducing the binary size, and giving the community room to make the decisions it needs to ensure a healthy start to the ecosystem.