Open Stack

That's a good point Paul. That would also avoid odd behavior such as updating the expiration date to one in the past, effectively disabling/soft-deleting that secret.  

Thanks,
John

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


________________________________________
From: Paul Kehrer [paul.kehrer at RACKSPACE.COM]
Sent: Wednesday, May 15, 2013 7:34 AM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [barbican] Secret entity PUT behavior

On May 14, 2013, at 10:06 PM, John Wood <john.wood at RACKSPACE.COM> wrote:

> Related to the previous email, what attributes of a secret can be modified after it is created?  It seems that only the expiration date could be modified, but perhaps that needs to be restricted to just null to non-null-date transitions (i.e. more restrictive)?
>
> Thanks,
> John

Should we even allow alteration of existing secrets at all? Maybe secret expiry should be immutable from the moment of creation? If you want your secret to not expire (or expire later) you could then create another one and begin encrypting your data with that (even if it ends up being the same key under the hood).

-Paul
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev