[openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?

Jay Pipes jaypipes at gmail.com
Tue Jan 17 18:29:58 UTC 2017


On 01/17/2017 07:57 AM, Ian Cordasco wrote:
> On Mon, Jan 16, 2017 at 6:20 PM, Amrith Kumar <amrith.kumar at gmail.com> wrote:
>> Ian,
>>
>> This is a fascinating conversation. Let me offer two observations.
>>
>> First, Trove has long debated the ideal solution for storing secrets. There
>> have been many conversations, and Barbican has been considered many times.
>> We sought input from people who were deploying and operating Trove at scale;
>> customers of Tesora, self-described users of the upstream Trove, and some of
>> the (then) active contributors who were also operators.
>>
>> The consensus was that installing and deploying OpenStack was hard enough
>> and requiring the installation of yet more services was problematic. This is
>> not something which singles out Barbican in any way. For example, Trove uses
>> Swift as the default object store where backups are stored, and in
>> implementing replication we leveraged the backup capability. This means that
>> to have replication, one needs to have Swift. Several deployers have
>> objected to this since they don't have swift. But that is a dependency which
>> we considered to be a hard dependency and offer no alternatives; you can
>> have Ceph if you so desire but we still access it as a swift store.
>> Similarly we needed some capabilities of job scheduling and opted to use
>> mistral for this; we didn't reimplement all of these capabilities in Trove.
>>
>> However, when it comes to secret storage, the consensus of opinion is
>> <eye-roll>Yet another service</eye-roll>.
>
> So, what spurred this thread is that I'm currently working on Craton
> which wants to store deployment secrets for operators and I've
> recently received a lot of private mail about Glare and how one of its
> goals is to replace Barbican (as well as Glance).

Problem #1: private emails. Why? Encourage whoever is privately
emailing you to instead post to the mailing list; otherwise parties are
not acting in the Open[Stack] Way.

Problem #2: What does Glare have to do with secret storage? I can 
understand someone saying that Glare might eventually replace Glance, 
but I'm not aware of anyone ever building crypto use cases or 
functionality into the design of Glare. Ever.

Best,
-jay
