OpenBAO: Manage, store, and distribute sensitive data

poly2it 22 points 6 comments July 15, 2026
openbao.org · View on Hacker News

Discussion Highlights (3 comments)

aiman_alsari

Ever since the IBM acquisition of Hashi I've been using this a lot more with my clients to save cost

EnigmaCurry

Not directly related to openbao, but I've thought about this for awhile that I'd like to use ssh certificates instead of ssh keys to allow an agent a time limited SSH access to a server, and that seems to work for gating the initial connection, but I haven't yet figured out how to enforce the established connection dies after a certain time. I could maybe hand roll a solution with ExposeAuthInfo and ForceCommand wrapper, but it feels like this sort of thing should be handled delicately..

elevation

My dream configuration in the past was Vault, protected by step-ca's ACME implementation, with an IdP like KanIDM for SSO. But it seems like there is so much feature creep: OpenBao now has its own ACME server. And KanIDM is considering it... Why is every app vying to be my root of trust?

Semantic search powered by Rivestack pgvector
14,015 stories · 131,331 chunks indexed