[openstack-dev] [Glare][TC][All] Past, Present and Future of Glare project

Thierry Carrez thierry at openstack.org
Tue Jun 27 08:42:24 UTC 2017


Mikhail Fedosin wrote:
>             Does the above mean you are implementing a share secret storage
>             solution or that you are going to use an existing solution like
>             Barbican that does that?
> 
>         Sectets is a plugin for Glare we developed for Nokia CloudBand
>         platform,   and they just decided to opensource it. It doesn't
>         use Barbican, technically it is oslo.versionedobjects class.
> 
>     Sorry to hear that you opted not to use Barbican.
> 
> I think it's only because Keycloak integration is required by Nokia's
> system and Barbican doesn't support it. 

Any technical reason why it couldn't be added to Barbican ? Any chance
Keycloak integration could be added as a Castellan backend ? Secrets
management is really one of those things that should *not* be reinvented
in every project. It is easier to get wrong than people think, and you
end up having to do security audits on 10 repositories instead of one.

-- 
Thierry Carrez (ttx)



More information about the OpenStack-dev mailing list