Barbican already supports multiple secret storage backends [1] and most likely adding Keycloak's one [2] should be possible. [1] https://docs.openstack.org/project-install-guide/key-manager/draft/barbican-backend.html [2] https://github.com/jpkrohling/secret-store On Tue, Jun 27, 2017 at 10:42 AM, Thierry Carrez <thierry at openstack.org> wrote: > Mikhail Fedosin wrote: > > Does the above mean you are implementing a share secret > storage > > solution or that you are going to use an existing solution > like > > Barbican that does that? > > > > Sectets is a plugin for Glare we developed for Nokia CloudBand > > platform, and they just decided to opensource it. It doesn't > > use Barbican, technically it is oslo.versionedobjects class. > > > > Sorry to hear that you opted not to use Barbican. > > > > I think it's only because Keycloak integration is required by Nokia's > > system and Barbican doesn't support it. > > Any technical reason why it couldn't be added to Barbican ? Any chance > Keycloak integration could be added as a Castellan backend ? Secrets > management is really one of those things that should *not* be reinvented > in every project. It is easier to get wrong than people think, and you > end up having to do security audits on 10 repositories instead of one. > > -- > Thierry Carrez (ttx) > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Adam Heczko Security Engineer @ Mirantis Inc. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170627/e406dd92/attachment.html>