Current Consul Encryption Key Retrieval via Serf


Vlad Slepukhin

Feb 25, 2020, 2:48:48 PM
to Serf
Hi all, 

In my current cloud setup we have a task to obtain the current encryption key used in Consul. I thought about approaching this task with the help of the Consul Keyring API. It's well known that the keyring usually contains a single key, but during the key rotation operation it's inevitable to have two or more keys, so that's why our services have to have an option to obtain the current primary key.

There are two things I'd like to discuss:

  1. My first attempt was to actually implement patches in Serf and Consul, but that's a really long story as we're way behind the latest release of Consul. Yet, here is my proposal in Serf; is there anybody available to check it out? https://github.com/hashicorp/serf/pull/595
  2. I was trying to use the Serf-provided RPC client to connect to the Consul RPC cluster and try sending handshake/auth messages to find out the current key. My problem is that I'm facing a coder/decoder error. Even using msgpackrpc.CallWithCodec, I end up with "codec.decoder: Only encoded map or array can be decoded into a struct. (valueType: 2)", though I'm creating the codec via msgpackrpc.NewClientCodec pretty much like in the tests. Any ideas here? Could it be the way to actually check the encryption key for being primary/active? Naturally, I was able to implement the checker using the memberlist library, but I'd like to avoid excessive join/leave events when my services start.

Thanks in advance!

Hans Hasselberg

Mar 9, 2020, 6:26:37 AM
to ser...@googlegroups.com
Thanks for reaching out and for your contribution! I responded on your PR; let's continue the discussion over there!
