[openstack-dev] Key Manager blueprint updated

Jarret Raim jarret.raim at RACKSPACE.COM
Tue Apr 23 18:02:51 UTC 2013

We've already started an implementation for key management that was demoed at the conference and we are looking to incubate. This is CloudKeep and can be found here:


Is this a suggestion for a competing project? From my discussions with everyone at the conference, there doesn't seem to be any active development occurring anywhere else (please let me know if that's not the case as we should join forces!).

CloudKeep will be publishing our blueprints this week or early next after we get everything updated from all our discussions at the summit. There is a lot of good thought in Malini's blueprint and ours will take some of into account along with many of the discussions we had at the conference. However, there are some parts that I'm still very leery of implementing including any hard requirements on hardware features, KMIP and some of the scoping questions. Some of these issues were discussed at the design session and still need to be hammered out.


From: Dolph Mathews <dolph.mathews at gmail.com<mailto:dolph.mathews at gmail.com>>
Reply-To: OpenStack Development Mailing List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Tuesday, April 23, 2013 8:33 AM
To: OpenStack Development Mailing List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] Key Manager blueprint updated



On Tue, Apr 23, 2013 at 3:09 AM, Bhandaru, Malini K <malini.k.bhandaru at intel.com<mailto:malini.k.bhandaru at intel.com>> wrote:
Hello Everyone!

Thank you to those of you who attended the key manager design summit session and provided input.
Missed some of you who have provided feedback on the mailing list.

I’ve updated the blueprint based on the discussions.  Do let me know if you are in favor of
Limiting access to keys based on original owner (user/project/tenant). With this approach, a put/create would need an additional
Argument to indicate scope.

I anticipate over this week breaking out the details into sub-blueprints for easier parceling into implementation sub-units.


Also open to suggestions for a name for the project :)

Jangle – the sound a bunch of keys  make?
Key Manager   (no obfuscation !)
(keystore is too similar to keystone ..  -1)


OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130423/7ac3c052/attachment.html>

More information about the OpenStack-dev mailing list