[openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

Hongbin Lu hongbin.lu at huawei.com
Tue Apr 12 19:43:05 UTC 2016

Hi all,

In short, some Magnum team members proposed to store TLS certificates in the Keystone credential store. As Magnum PTL, I want to get agreement (or non-disagreement) from the OpenStack community in general, and the Keystone community in particular, before approving the direction.

In detail, Magnum leverages TLS to secure the API endpoint of Kubernetes/Docker Swarm. The usage of TLS requires a secure store for storing TLS certificates. Currently, we leverage Barbican for this purpose, but we have constantly received requests to decouple Magnum from Barbican (because users normally don't have Barbican installed in their clouds). Some Magnum team members proposed to leverage the Keystone credential store as a Barbican alternative [1]. Therefore, I want to confirm what the Keystone team's position on this proposal is (I remember someone from Keystone mentioned that this is an inappropriate use of Keystone. Could I ask for further clarification?). Thanks in advance.

[1] https://blueprints.launchpad.net/magnum/+spec/barbican-alternative-store

Best regards,
