3 posts tagged with "technical"

Implementing Transactions in Raft

· 6 min read

Overview

OpenBao, like its upstream, favors the raft internal storage engine. While more complex than relying on a database for replication, this storage engine gives us lower latency on read operations, because it uses a local K/V implementation based on B+-trees. For workloads with few writes but many reads (typical of most uses of K/V secrets), this trade-off allows for the best performance.

An earlier blog post talked about the availability of transactions in the main branch; this post will focus on the technical details of implementing transactions.

Profiles for Cross-Plugin Communication

· 4 min read

OpenBao and upstream lack server-side cross-plugin communication.

As recently seen with an OIDC feature, this shortcoming often needs to be worked around on the client side, potentially exposing sensitive information.

There are usually two paths discussed for cross-plugin communication:

  1. Requests bound under the context of the original user token.
  2. Designing some other authorization system or an internal API based design.