[openstack-dev] [oslo][oslo.config] Pluggable drivers and protect plaintext secrets
Fox, Kevin M
Kevin.Fox at pnnl.gov
Fri Aug 4 20:21:19 UTC 2017
I would really like to see secrets separated from config. Always have... They are two separate things.
If nothing else, a separate config file so it can be permissioned differently.
This could be combined with k8s secrets/configmaps better too.
Or make it much easier to version config in git and have secrets somewhere else.
From: Raildo Mascena de Sousa Filho [rmascena at redhat.com]
Sent: Friday, August 04, 2017 12:34 PM
To: openstack-dev at lists.openstack.org
Subject: [openstack-dev] [oslo][oslo.config] Pluggable drivers and protect plaintext secrets
We had a couple of discussions with the Oslo team related to implement Pluggable drivers for oslo.config and use those feature to implement support to protect plaintext secret on configuration files.
In another hand, due the containerized support on OpenStack services, we have a community effort to implement a k8s ConfigMap support, which might make us step back and consider how secret management will work, since the config data will need to go into the configmap *before* the container is launched.
So, I would like to see what the community think. Should we continue working on that pluggable drivers and protect plain text secrets support for oslo.config? Makes sense having a PTG session on Oslo to discuss that feature?
Thanks for the feedback in advance.
Software Engineer, Identity Managment
TRIED. TESTED. TRUSTED.<https://redhat.com/trusted>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev