[openstack-dev] [oslo][oslo.config] Pluggable drivers and protect plaintext secrets

Davanum Srinivas davanum at gmail.com
Fri Aug 4 19:37:23 UTC 2017 

Raildo,

I am interested in this topic. PTG session sounds great!

Thanks,
Dims

On Fri, Aug 4, 2017 at 3:34 PM, Raildo Mascena de Sousa Filho <
rmascena at redhat.com> wrote:

> Hi all,
>
> We had a couple of discussions with the Oslo team related to implement
> Pluggable drivers for oslo.config[0] and use those feature to implement
> support to protect plaintext secret on configuration files[1].
>
> In another hand, due the containerized support on OpenStack services, we
> have a community effort to implement a k8s ConfigMap support[2][3], which
> might make us step back and consider how secret management will work, since
> the config data will need to go into the configmap *before* the container
> is launched.
>
> So, I would like to see what the community think. Should we continue
> working on that pluggable drivers and protect plain text secrets support
> for oslo.config? Makes sense having a PTG session[4] on Oslo to discuss
> that feature?
>
> Thanks for the feedback in advance.
>
> Cheers,
>
> [0] https://review.openstack.org/#/c/454897/
> [1] https://review.openstack.org/#/c/474304/
> [2] https://github.com/flaper87/keystone-k8s-ansible/blob/
> 6524b768d75a28adf44c74aca77ccf13dd66b1a9/provision-keystone-
> apb/tasks/main.yaml#L71-L108
> [3] https://kubernetes.io/docs/
> <https://kubernetes.io/docs/tasks/configure-pod-container/configmap/>tas
> ks/configure-pod-container/configmap/
> <https://kubernetes.io/docs/tasks/configure-pod-container/configmap/>
> [4] https://etherpad.openstack.org/p/oslo-ptg-queens
> --
>
> Raildo mascena
>
> Software Engineer, Identity Managment
>
> Red Hat
>
> <https://www.redhat.com>
> <https://red.ht/sig>
> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Davanum Srinivas :: https://twitter.com/dims
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170804/fc2334f6/attachment.html>

More information about the OpenStack-dev mailing list