[openstack-dev] [keystone] [barbican] Protecting user specific secrets in Barbican

Tiwari, Arvind arvind.tiwari at hp.com
Thu May 15 12:21:02 UTC 2014


Barbican will be used as the secret store (or Key Manager) in OpenStack deployments. That means users can store any kind of secret (ssh keys, access keys, passwords, ...) in Barbican; these secrets are not shared secrets.

In the scenario below it seems secrets are not well protected in Barbican:


1. Barbican is integrated in an OS based cloud deployment.

2. In a particular domain there are one (or multiple) projects.

3. Users are associated with the project through a role (two coworkers can have the same role, e.g. creator), or an admin user has a higher role.

4. Users have their secrets (ssh keys, access keys, passwords, ...) for services (VMs per user, resources) saved in Barbican.


Problem


1. Users with the same role, or Admin on the project, can see each other's secrets, which are not shared secrets.

2. Multiple projects (or a project hierarchy) per user just to store secrets is not going to help, as it will lead to project explosion and confusion. At the same time, projects are not meant to map 1 to 1 with users.

3. A project hierarchy is also not a good solution, as a user at the top of the hierarchy (reseller admin) can inherit roles and is able to steal the secrets.


Note, Barbican is designed for secret storage and protection; we need better management of secrets in Barbican. We also need a better solution to address this problem.


Keystone and Barbican (or interested party) teams, can we have a meeting today to brainstorm this issue and come up with a better solution?


Thanks
Arvind
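The gap described in this message, as an added illustrative model that is not Barbican or Keystone code: a read decision keyed only on project (with roles inherited down a project hierarchy) and role lets a coworker with the same role, and an admin above in the hierarchy, read a user's non-shared secret, while adding an ownership check to the same gate closes both paths. Role names, the project tree and the sample users and secrets are constructed for the example.

```python
# Added illustrative model (not Barbican or Keystone code). Role names and the
# project hierarchy below are assumptions constructed for this example.
from dataclasses import dataclass, field

READ_ROLES = {"creator", "admin"}
# Constructed hierarchy: project-a is a child of a reseller's project.
PROJECT_PARENT = {"project-a": "reseller", "reseller": None}


@dataclass
class Secret:
    secret_id: str
    project: str
    owner: str            # user who stored the secret
    shared: bool = False  # only shared secrets should be readable by peers


@dataclass
class Caller:
    user: str
    project: str          # project the caller's token is scoped to
    roles: set = field(default_factory=set)


def lineage(project):
    """Project plus its ancestors, so inherited roles apply down the tree."""
    chain = []
    while project is not None:
        chain.append(project)
        project = PROJECT_PARENT.get(project)
    return chain


def role_scoped_read(caller, secret):
    """Decision keyed only on project (own or inherited) and role."""
    return caller.project in lineage(secret.project) and bool(caller.roles & READ_ROLES)


def owner_scoped_read(caller, secret):
    """Same gate, plus: a non-shared secret is readable only by its owner."""
    if not role_scoped_read(caller, secret):
        return False
    return secret.shared or secret.owner == caller.user


def evaluate(policy):
    """Run one policy over the scenario; returns {(user, secret_id): allowed}."""
    alice = Caller("alice", "project-a", {"creator"})
    bob = Caller("bob", "project-a", {"creator"})       # coworker with the same role
    reseller = Caller("rita", "reseller", {"admin"})    # admin above in the hierarchy
    private_key = Secret("ssh-key", "project-a", owner="alice")
    team_cert = Secret("team-cert", "project-a", owner="alice", shared=True)
    return {(c.user, s.secret_id): policy(c, s)
            for c in (alice, bob, reseller) for s in (private_key, team_cert)}
```

Under `role_scoped_read` both bob and rita can read alice's ssh key; under `owner_scoped_read` only alice can, while the shared team certificate stays readable by every role holder.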


