[openstack-dev] Barbican : What is the difference between secret and order resource
asha.seshagiri at gmail.com
Fri Apr 17 16:30:40 UTC 2015
Thanks a lot John for your response.
I also thank everyone who has been responding to my queries if I have
missed someone .
There was some problem while configuring my email .I do not receive the
email response directly from openstack Dev group.I would check the archive
folder for that.
I will have a look into it
Once again , it's nice working and collaborating with the openstack Dev
Thanks and Regards,
Thanks and Regards,
On Thu, Apr 16, 2015 at 8:10 AM, John Wood <john.wood at rackspace.com> wrote:
> Hello Asha,
> The /v1/secrets resource is used to upload, encrypt and store your
> secrets, and to decrypt and retrieve those secrets. Key encryption keys
> (KEKs) internal to Barbican are used to encrypt the secret.
> The /v1/orders resource is used when you want Barbican to generate
> secrets for you. When they are done they give you references to where the
> secrets are stored so you can retrieve them via the secrets resource above.
> Hope that helps!
> From: Asha Seshagiri <asha.seshagiri at gmail.com>
> Date: Thursday, April 16, 2015 at 1:23 AM
> To: openstack-dev <openstack-dev at lists.openstack.org>
> Cc: John Wood <john.wood at rackspace.com>, "Reller, Nathan S." <
> Nathan.Reller at jhuapl.edu>, Douglas Mendizabal <
> douglas.mendizabal at RACKSPACE.COM>, Paul Kehrer <paul.kehrer at RACKSPACE.COM>,
> Adam Harwell <adam.harwell at RACKSPACE.COM>, Alexis Lee <alexisl at hp.com>
> Subject: Barbican : What is the difference between secret and order
> Hi All ,
> What is the difference between secret and the order resource ?
> Where is the key stored that is used for encrypting the payload in the
> secret resource and how do we access it.
> According to my understanding ,
> Storing/Posting the secret means we are encrypting the actual
> information(payload) using the key generated internally by the barbican
> based on the type mentioned in the secret type.
> Geting the secret means we are decryprting the information and geting the
> actual information.
> Posting the order refers to the generation of the actual keys by the
> barbican and encyrpting those keys based on the algorithm and the internal
> key generated by barbican.
> This encrypted key is referred through the secret reference and the whole
> meta data is referred through a order reference.
> Please correct me if I am wrong.
> Any help would be highly appreciated.
> *Thanks and Regards,*
> *Asha Seshagiri*
*Thanks and Regards,*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev