Skip to main content

RFCs

The following is a list of Requests for Comments (RFCs, a form of design documentation) agreed upon by the community and the OpenBao Technical Steering Committee.

Accepted

  • Authenticated rekey, to make the rekey root and rekey recovery keys endpoints authenticated and additionally authorized by a token and its policy.
  • Declarative Self-Initialization, to allow operators to define initial mounts, auth, policies, and audit logs from a static configuration applied once on early startup, preventing the need to call manual sys/init except with manual unseal mechanisms.
  • External Key Configuration for KMS and HSM Access, to add support for secure key material storage and interaction from secrets engines like PKI, Transit, and SSH.
  • Web UI Modernization, for rewriting OpenBao’s web UI from EmberJS to React to create a modern, secure, and extensible interface.

Landed

Strategic