[openstack-dev] Barbican : What is the difference between secret and order resource

Asha Seshagiri asha.seshagiri at gmail.com
Fri Apr 17 16:30:40 UTC 2015

Thanks a lot  John for your response.

I also thank everyone who has been responding to my queries if I have
missed someone .
There was  some problem while configuring my email .I do not receive the
email response directly  from openstack Dev group.I would check the archive
folder for that.
I will have a look into it

Once again , it's  nice working and collaborating with the openstack Dev

Thanks and Regards,
Asha Seshagiri


Thanks and Regards,
Asha Seshagiri

On Thu, Apr 16, 2015 at 8:10 AM, John Wood <john.wood at rackspace.com> wrote:

>  Hello Asha,
>  The /v1/secrets resource is used to upload, encrypt and store your
> secrets, and to decrypt and retrieve those secrets. Key encryption keys
> (KEKs) internal to Barbican are used to encrypt the secret.
>  The /v1/orders resource is used when you want Barbican to generate
> secrets for you. When they are done they give you references to where the
> secrets are stored so you can retrieve them via the secrets resource above.
>  Hope that helps!
>  Thanks,
> John
>   From: Asha Seshagiri <asha.seshagiri at gmail.com>
> Date: Thursday, April 16, 2015 at 1:23 AM
> To: openstack-dev <openstack-dev at lists.openstack.org>
> Cc: John Wood <john.wood at rackspace.com>, "Reller, Nathan S." <
> Nathan.Reller at jhuapl.edu>, Douglas Mendizabal <
> douglas.mendizabal at RACKSPACE.COM>, Paul Kehrer <paul.kehrer at RACKSPACE.COM>,
> Adam Harwell <adam.harwell at RACKSPACE.COM>, Alexis Lee <alexisl at hp.com>
> Subject: Barbican : What is the difference between secret and order
> resource
>   Hi All ,
>  What is the difference between secret and the order resource ?
> Where is the key stored that is used for encrypting the payload in the
> secret resource and how do we access it.
>  According to my understanding ,
>  Storing/Posting  the secret  means  we are encrypting the actual
> information(payload)  using the key generated internally by the barbican
> based on the type mentioned in the secret type.
> Geting the secret means we are decryprting the information and geting the
> actual information.
>  Posting the order refers to the generation of the actual keys by the
> barbican  and encyrpting those keys based on the algorithm and the internal
> key generated by barbican.
> This encrypted key is referred through the secret reference and the whole
> meta data is referred through a order reference.
>  Please correct me if I am wrong.
> Any help would be highly appreciated.
>  --
>  *Thanks and Regards,*
> *Asha Seshagiri*

*Thanks and Regards,*
*Asha Seshagiri*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150417/17ba8b5f/attachment.html>

More information about the OpenStack-dev mailing list