[openstack-dev] [oslo][oslo.config] Pluggable drivers and protect plaintext secrets

Raildo Mascena de Sousa Filho rmascena at redhat.com
Fri Aug 4 19:34:25 UTC 2017

Hi all,

We had a couple of discussions with the Oslo team related to implement
Pluggable drivers for oslo.config[0] and use those feature to implement
support to protect plaintext secret on configuration files[1].

In another hand, due the containerized support on OpenStack services, we
have a community effort to implement a k8s ConfigMap support[2][3], which
might make us step back and consider how secret management will work, since
the config data will need to go into the configmap *before* the container
is launched.

So, I would like to see what the community think. Should we continue
working on that pluggable drivers and protect plain text secrets support
for oslo.config? Makes sense having a PTG session[4] on Oslo to discuss
that feature?

Thanks for the feedback in advance.


[0] https://review.openstack.org/#/c/454897/
[1] https://review.openstack.org/#/c/474304/
[3] https://kubernetes.io/docs/
[4] https://etherpad.openstack.org/p/oslo-ptg-queens

Raildo mascena

Software Engineer, Identity Managment

Red Hat

TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170804/fc293923/attachment.html>

More information about the OpenStack-dev mailing list