[openstack-dev] [Barbican] Multiple KMIP servers on a single barbican

Nathan Reller nathan.s.reller at gmail.com
Wed Jun 10 13:13:27 UTC 2015


You would need to update the KMIPSecretStore or create a new
SecretStore to handle this. The logic should be behind the SecretStore
abstraction because Barbican only allows one active secret store.

I would think that the configuration file would have a listing of
available KMIP server URLs.

The URL as to where each key is stored would not be in the DTO but
rather in the metadata associated with a secret. The return calls for
the generate and store methods would return this metadata. Then all of
the other calls would need to parse the metadata to determine where
the secret is stored, so it would contact the correct KMIP server.

That's how I am envisioning it, but perhaps you have a better design
in which case I would vote for that one :)

-Nate
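
The design described in the message above, as an added example that is not part of the original post and is not Barbican's code: one store holds a configured list of KMIP server URLs, returns the chosen URL in the secret's metadata, and routes later calls by parsing that metadata. Assumptions: every class, method and metadata key name here is hypothetical, the KMIP client is an in-memory stand-in, the URLs are constructed, and round-robin placement is an arbitrary choice.

```python
# Added sketch; names are hypothetical, not Barbican's SecretStore API.
import uuid


class FakeKMIPClient:
    """In-memory stand-in for a KMIP client bound to one server URL."""
    def __init__(self, url):
        self.url = url
        self._objects = {}

    def register(self, secret_bytes):
        uid = str(uuid.uuid4())
        self._objects[uid] = secret_bytes
        return uid

    def get(self, uid):
        return self._objects[uid]

    def destroy(self, uid):
        del self._objects[uid]


class MultiKMIPSecretStore:
    """Single active secret store that fans out to several KMIP servers."""
    def __init__(self, server_urls, client_factory=FakeKMIPClient):
        if not server_urls:
            raise ValueError("at least one KMIP server URL is required")
        self._clients = {url: client_factory(url) for url in server_urls}
        self._order = list(server_urls)
        self._next = 0

    def _client_for(self, metadata):
        # Stored metadata is treated as untrusted routing input: only
        # servers listed in configuration are ever contacted.
        url = metadata.get("kmip_server_url")
        if url not in self._clients:
            raise LookupError("metadata names an unconfigured KMIP server")
        return self._clients[url]

    def store_secret(self, secret_bytes):
        url = self._order[self._next % len(self._order)]  # round-robin
        self._next += 1
        uid = self._clients[url].register(secret_bytes)
        return {"kmip_server_url": url, "key_uuid": uid}

    def get_secret(self, metadata):
        return self._client_for(metadata).get(metadata["key_uuid"])

    def delete_secret(self, metadata):
        self._client_for(metadata).destroy(metadata["key_uuid"])
```

Checking the metadata URL against the configured list keeps a tampered or stale metadata row from steering the store toward a server the operator never approved.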


