Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request: 阿里云DNS的STS支持? #6118

Open
ConstasJ opened this issue Nov 28, 2024 · 1 comment
Open

Feature Request: 阿里云DNS的STS支持? #6118

ConstasJ opened this issue Nov 28, 2024 · 1 comment

Comments

@ConstasJ
Copy link

背景

现在阿里云本身已经不推荐使用永久有效的AccessKey(AK)来作为用户认证凭据了。相对的,阿里云希望我们使用有TTL的STS(Security Token Service)凭证,以免去AK需要做的轮换流程,确保安全性。然而acme.sh的阿里云DNS API实现仍基于原有的V2版本API请求体,该版本已经被阿里云标记为不推荐,并且不支持STS。

需求

我希望能把阿里云DNS API实现更新为官方推荐的V3版本API请求体,并支持使用更安全的STS Token。

附录

  1. STS无法满足ACME.sh定期更新的需求?
    搭配HashiCorp Vault之类的工具可以实现每次执行cron时动态申请新的STS。这也是我的使用场景。
  2. 我已经fork了该仓库,并正在阅读现有代码。如果maintainer近期没有更新该实现的计划的话,我将自行实现并向本仓库提出PR。
@ConstasJ ConstasJ changed the title 阿里云DNS的STS支持? Feature Request: 阿里云DNS的STS支持? Nov 28, 2024
@acmesh-official acmesh-official deleted a comment from github-actions bot Nov 28, 2024
@Neilpang
Copy link
Member

欢迎任何pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants