@ChadThomsonPSC
Forked from devorbitus/README.md
Created March 7, 2024 19:38
# Akeyless Custom Dynamic Secret Producer Sequence

Sequence diagrams for custom dynamic secret producers

## Local Gateway

Sequence flow when the client communicates with the local gateway cluster, which is responsible for speaking with the custom dynamic secret producer webhook.

```mermaid
sequenceDiagram
    participant C as Client
    participant G as Akeyless Gateway
    participant DSP as Dynamic Secret Producer
    participant Webhook
    participant Akeyless_SaaS as Akeyless SaaS Platform

    C->>G: Request secret from specific path
    G->>DSP: Check if path matches custom producer
    alt Path matches
        DSP->>Webhook: Call out to validate request
        Webhook->>Akeyless_SaaS: Verify request origin
        alt Request Verified
            Akeyless_SaaS->>Webhook: Confirm verification
            Webhook->>DSP: Verification successful
            DSP->>DSP: Generate dynamic secret
            DSP->>G: Return dynamic secret
            G->>C: Provide secret to client
        else Verification Failed
            Akeyless_SaaS->>Webhook: Deny verification
            Webhook->>DSP: Verification failed
            DSP->>G: Deny secret
            G->>C: Return error to client
        end
    else Path does not match
        G->>C: Return error or default behavior
    end
```



## Local Gateway being fulfilled by remote Gateway

A client calls a gateway in a cloud service provider, which sends the request through the SaaS platform. The SaaS platform directs the request to an on-prem gateway, which fulfills it and sends the response back through the SaaS platform to the requesting gateway and on to the requesting client.

```mermaid
sequenceDiagram
    participant Client
    participant CSP_Gateway as CSP Gateway
    participant Akeyless_SaaS as Akeyless SaaS Platform
    participant OnPrem_Gateway as On-Premises Gateway
    participant DSP as Dynamic Secret Producer
    participant Webhook

    Client->>CSP_Gateway: Request secret from specific path
    CSP_Gateway->>Akeyless_SaaS: Forward request
    Akeyless_SaaS->>OnPrem_Gateway: Route request to on-prem
    OnPrem_Gateway->>DSP: Check if path matches custom producer
    alt Path matches
        DSP->>Webhook: Call out to validate request
        Webhook->>Akeyless_SaaS: Verify request origin
        alt Request Verified
            Akeyless_SaaS->>Webhook: Confirm verification
            Webhook->>DSP: Verification successful
            DSP->>DSP: Generate dynamic secret
            DSP->>OnPrem_Gateway: Return dynamic secret
            OnPrem_Gateway->>Akeyless_SaaS: Send response with secret
            Akeyless_SaaS->>CSP_Gateway: Forward on-prem response
            CSP_Gateway->>Client: Return response to client
        else Verification Failed
            Akeyless_SaaS->>Webhook: Deny verification
            Webhook->>DSP: Verification failed
            DSP->>OnPrem_Gateway: Deny secret
            OnPrem_Gateway->>Akeyless_SaaS: Send denial response
            Akeyless_SaaS->>CSP_Gateway: Forward denial response
            CSP_Gateway->>Client: Return denial to client
        end
    else Path does not match
        OnPrem_Gateway->>Akeyless_SaaS: Path does not match
        Akeyless_SaaS->>CSP_Gateway: Inform of mismatch
        CSP_Gateway->>Client: Return error or default behavior
    end
```
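Both diagrams above share the same decision points: the gateway only hands a path to the custom producer when it matches, and the producer only generates a secret after the webhook has had the request origin verified by the SaaS platform. The following Python simulation is an added example, not Akeyless's code or the gist author's; it models the local-gateway flow and the CSP-to-on-prem routing flow as plain objects so the three branches (verified, verification failed, path mismatch) can be exercised offline. The page does not describe how origin verification actually works, so an HMAC over a request id is an assumed stand-in for that step, and every class, path and key below is constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed key shared by the simulated SaaS verifier and the request signer.
# The real Akeyless verification mechanism is not on the page; HMAC is an assumption.
VERIFIER_KEY = b"constructed-demo-verifier-key"


def sign_request(request_id: str, key: bytes = VERIFIER_KEY) -> str:
    """Origin proof attached to a request (assumed format, for the simulation only)."""
    return hmac.new(key, request_id.encode(), hashlib.sha256).hexdigest()


class AkeylessSaaS:
    """Stand-in for the SaaS platform: verifies origins and routes to on-prem gateways."""

    def verify(self, request_id: str, signature: str) -> bool:
        # Constant-time comparison so a forged signature leaks nothing via timing.
        return hmac.compare_digest(sign_request(request_id), signature)

    def route(self, request: dict, onprem_gateway: "Gateway") -> dict:
        # 'Route request to on-prem' and forward whatever the on-prem gateway answers.
        return onprem_gateway.request_secret(request)


class Webhook:
    """The custom producer's webhook: it never trusts the caller directly."""

    def __init__(self, saas: AkeylessSaaS):
        self.saas = saas

    def validate(self, request: dict) -> bool:
        return self.saas.verify(request["id"], request.get("signature", ""))


class DynamicSecretProducer:
    def __init__(self, path: str, webhook: Webhook):
        self.path = path
        self.webhook = webhook

    def matches(self, path: str) -> bool:
        return path == self.path

    def produce(self, request: dict) -> dict:
        # The secret is generated only after the webhook confirms the origin.
        if not self.webhook.validate(request):
            return {"status": "denied", "reason": "verification failed"}
        return {"status": "ok", "secret": secrets.token_urlsafe(24)}


class Gateway:
    """Local (or on-prem) gateway that owns the custom producers."""

    def __init__(self, producers):
        self.producers = producers

    def request_secret(self, request: dict) -> dict:
        for producer in self.producers:
            if producer.matches(request["path"]):
                return producer.produce(request)
        # 'Path does not match' branch: error or default behaviour.
        return {"status": "error", "reason": "no custom producer for path"}


class CSPGateway:
    """Cloud-side gateway with no local producer; it forwards through the SaaS platform."""

    def __init__(self, saas: AkeylessSaaS, onprem_gateway: Gateway):
        self.saas = saas
        self.onprem_gateway = onprem_gateway

    def request_secret(self, request: dict) -> dict:
        return self.saas.route(request, self.onprem_gateway)


def run_scenarios() -> dict:
    """Exercise every branch of both sequence diagrams with constructed requests."""
    saas = AkeylessSaaS()
    onprem = Gateway([DynamicSecretProducer("/custom/db-creds", Webhook(saas))])
    csp = CSPGateway(saas, onprem)

    def req(rid: str, path: str, key: bytes = VERIFIER_KEY) -> dict:
        return {"id": rid, "path": path, "signature": sign_request(rid, key)}

    results = {}
    for name, gw in (("local", onprem), ("remote", csp)):
        results[name] = {
            "verified": gw.request_secret(req("req-1", "/custom/db-creds")),
            "forged": gw.request_secret(req("req-2", "/custom/db-creds", b"wrong-key")),
            "unmatched": gw.request_secret(req("req-3", "/static/other")),
        }
    return results


if __name__ == "__main__":
    for flow, outcomes in run_scenarios().items():
        for branch, outcome in outcomes.items():
            print(flow, branch, outcome["status"], outcome.get("reason", ""))
```

The point the simulation makes visible is that the CSP gateway adds hops but no new trust decision: denial and mismatch outcomes produced on-prem travel back unchanged, and a request whose origin the SaaS platform cannot confirm never reaches the secret-generation step in either flow.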

