Provide HashiCorp Vault KMS plugin for Notation

[FeynmanZhou]

What are the areas you would like to add the new feature to?

Notation CLI

Is your feature request related to a problem?

Notation only has an Azure Key Vault plugin for storing keys in Azure Key Vault, which is used to sign and verify artifacts in the OCI registry. HashiCorp Vault is a popular Key Management System (KMS) and we see more and more users rely on it in the on-premise environment.

This issue is open for the CNCF LFX Mentorship 2023 program. If you are interested in implementing this issue, please let us know.

What solution do you propose?

This issue aims to develop a HashiCorp Vault plugin for Notation based on the Notary Plugin spec. With the HashiCorp Vault plugin added to Notation, it would be helpful for the offline signing scenario in the future.

What alternatives have you considered?

None

Any additional context?

No response

[yyy1000]

Hi, I'm a senior student at Sichuan University and I'd like to implement this!

[Manas23601]

Hey, I would like to contribute to this issue as well. Could you let me know which supporting documents I need to look at?

[FeynmanZhou]

@yyy1000 @Manas23601
Thanks for your interest! I am working with CNCF to update the project proposal to https://mentorship.lfx.linuxfoundation.org/. After this project is added to the LFX platform by CNCF, you can apply for this project at LFX Mentorship website. Will inform you soon.

[OliverShang]

Hi @FeynmanZhou,
I am a senior software engineering student at Tongji University and would like to contribute to this project. I'll apply for the mentorship once the applications are open, is there anything else that needs to be taken care of?

Thanks

[FeynmanZhou]

@OliverShang Now it is available to be applied at https://mentorship.lfx.linuxfoundation.org/project/9710c834-913d-487d-9ebf-8205cdf48ab4. You might take a look at the LFX official guideline if you are the first time to apply for LFX program.

[Shubham4359]

Hi @FeynmanZhou, I would like to work on this issue in the upcoming LFX mentorship term. I have previously worked with Golang. Can you give me a brief idea about the prerequisites needed to learn and is there anything else that needs to be looked into?

[tomaszkrzyzanowski]

@FeynmanZhou is this issue still relevant?

What are the missing parts? Some tests or automated releases?

[FeynmanZhou]

Hi @tomaszkrzyzanowski ,

Thanks for your contribution. We will need to test the Vault plugin and evaluate its maturity for the first release.
Are you waiting for the first release and use it in your project?

[tomaszkrzyzanowski]

Nah, I'm going to implement it anyway.

Just want to help if it requires some development - I'm so far having fun with working on the plugin :)