[openstack-dev] [Glare][TC][All] Past, Present and Future of Glare project
thierry at openstack.org
Tue Jun 27 08:42:24 UTC 2017
Mikhail Fedosin wrote:
> Does the above mean you are implementing a share secret storage
> solution or that you are going to use an existing solution like
> Barbican that does that?
> Sectets is a plugin for Glare we developed for Nokia CloudBand
> platform, and they just decided to opensource it. It doesn't
> use Barbican, technically it is oslo.versionedobjects class.
> Sorry to hear that you opted not to use Barbican.
> I think it's only because Keycloak integration is required by Nokia's
> system and Barbican doesn't support it.
Any technical reason why it couldn't be added to Barbican ? Any chance
Keycloak integration could be added as a Castellan backend ? Secrets
management is really one of those things that should *not* be reinvented
in every project. It is easier to get wrong than people think, and you
end up having to do security audits on 10 repositories instead of one.
Thierry Carrez (ttx)
More information about the OpenStack-dev