<div dir="ltr"><div><div><div>Hi all, <br><br>We had a couple of discussions with the Oslo team related to implement Pluggable drivers for oslo.config[0] and use those feature to implement support to protect plaintext secret on configuration files[1]. <br><br></div>In another hand, due the containerized support on OpenStack services, we have a community effort to implement a k8s ConfigMap support[2][3], which might make us step back and consider how secret management will work, since the config data will need to go into the configmap *before* the container is launched.<br><br></div>So, I would like to see what the community think. Should we continue working on that pluggable drivers and protect plain text secrets support for oslo.config? Makes sense having a PTG session[4] on Oslo to discuss that feature?<br><br></div>Thanks for the feedback in advance.<br><div><div><div><div><br></div><div>Cheers,</div><br>[0] <a href="https://review.openstack.org/#/c/454897/" target="_blank">https://review.openstack.org/#/c/454897/</a><br>[1] <a href="https://review.openstack.org/#/c/474304/" target="_blank">https://review.openstack.org/#/c/474304/</a><br>[2] <a href="https://github.com/flaper87/keystone-k8s-ansible/blob/6524b768d75a28adf44c74aca77ccf13dd66b1a9/provision-keystone-apb/tasks/main.yaml#L71-L108" target="_blank">https://github.com/flaper87/keystone-k8s-ansible/blob/6524b768d75a28adf44c74aca77ccf13dd66b1a9/provision-keystone-apb/tasks/main.yaml#L71-L108</a><br>[3]<a href="https://kubernetes.io/docs/tasks/configure-pod-container/configmap/" target="_blank"> https://kubernetes.io/docs/</a><a href="https://kubernetes.io/docs/tasks/configure-pod-container/configmap/" target="_blank">tasks/configure-pod-container/configmap/</a><br>[4] <a href="https://etherpad.openstack.org/p/oslo-ptg-queens" target="_blank">https://etherpad.openstack.org/p/oslo-ptg-queens</a></div></div></div></div><div dir="ltr">-- <br></div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div class="inbox-inbox-inbox-sig-container" id="inbox-inbox-inbox-standard-target">
<p class="inbox-inbox-inbox-fullname-container" style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:uppercase"><span class="inbox-inbox-inbox-firstname-container">Raildo </span> <span class="inbox-inbox-inbox-lastname-container">mascena</span></p>
<p class="inbox-inbox-inbox-position-container" style="font-weight:normal;font-size:10px;margin:0px 0px 4px;text-transform:uppercase"><span class="inbox-inbox-inbox-position">Software Engineer, Identity Managment</span></p>
<p class="inbox-inbox-inbox-legal-container" style="font-weight:normal;margin:0px;font-size:10px;color:rgb(153,153,153)"><a class="inbox-inbox-inbox-redhat-anchor" style="color:rgb(0,136,206);font-size:10px;margin:0px;text-decoration:none;font-family:"overpass",sans-serif" href="https://www.redhat.com" target="_blank">Red Hat <span><br><br></span></a></p>



<table border="0"><tbody><tr><td width="100px"><a href="https://red.ht/sig"> <img src="https://www.redhat.com/files/brand/email/sig-redhat.png" width="90" height="auto"></a> </td>
<td class="inbox-inbox-inbox-promo" style="font-weight:normal;font-size:10px">
<div class="inbox-inbox-inbox-promo inbox-inbox-inbox-promo-1"><a href="https://redhat.com/trusted" style="text-decoration:none;color:rgb(204,0,0);font-weight:bold">TRIED. TESTED. TRUSTED.</a></div>

</td></tr></tbody></table>

</div></div></div>