Improved secret storage utilizing external key manager
There are several secrets (for example passwords) that Sahara uses with respect to deployed frameworks which are currently stored in its database. This blueprint proposes the usage of the Castellan library key manager interface for offloading secret storage to an OpenStack Key manager service.
Secrets will be identified within the code base and marked for usage with the key manager in the related specification.
Blueprint information
- Status:
- Complete
- Approver:
- Sergey Lukjanov
- Priority:
- Medium
- Drafter:
- Michael McCune
- Direction:
- Approved
- Assignee:
- Michael McCune
- Definition:
- Approved
- Series goal:
- Accepted for mitaka
- Implementation:
-
Implemented
- Milestone target:
-
mitaka-3
- Started by
- Sergey Lukjanov
- Completed by
- Michael McCune
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Adding improved secret storage spec
Gerrit topic: https:/
Addressed by: https:/
Adding barbican client and keymgr module
Addressed by: https:/
Reworking improved secret storage spec
Addressed by: https:/
[WIP] Initial key manager and proxy passwords impl
Addressed by: https:/
Fix incorrect function name in swift client
Addressed by: https:/
move improved secret storage spec to mitaka
Gerrit topic: https:/
Addressed by: https:/
add helper functions for key manager
Addressed by: https:/
add developer documentation about the key manager
Addressed by: https:/
add cdh plugin passwords to key manager