[openstack-dev] [nova][cinder] Deprecating ConfKeyManager (fixed-key key manager)

Farr, Kaitlin M. Kaitlin.Farr at jhuapl.edu
Tue Jan 5 21:58:38 UTC 2016

>> Aiming toward tests that mirror real-world deployment is certainly a
>> good thing, but I don't think we should remove ConfKeyManager.
>> We will want to maintain the ability to test these Cinder/Nova code
>> paths in development environments or in some automated environments
>> without requiring additional services to be configured.
>> We can address this by having ConfKeyManager emit warning messages
>> indicating that it isn't for production environments.
> Right, effectively the fixed key manager was a Testing Fixture for us.
> That's really important because it reduces the number of moving parts
> when testing this stuff as a full stack.
>         -Sean

Ok, I am looking into a way to keep a fixed-key back end, but it will
not live in Castellan.

Even if we keep the fixed-key back end, what about adding a gate that
tests the encryption features using Barbican? Would the community be
supportive if I added that gate?


More information about the OpenStack-dev mailing list