question on plain text config parameters encryption feature
Alexander Yeremko
a.yeremko at connectria.com
Tue Mar 22 18:11:45 UTC 2022
Dear OpenStack community,
we are developing plain text config secrets encryption feature according to the next specification:
https://specs.openstack.org/openstack/openstack-ansible-specs/specs/xena/protecting-plaintext-configs.html
We started from Glance OS service and submitted two patchsets already:
https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/814865
Now we have two questions that we need to clarify to proceed our work on that feature and finish our development:
1. Is it correct that we need to develop more patchsets to rework some logic of encryption mechanism according
to comment to 'files/encypt_secrets.py' script that arised at the second patchset (PatchSet 2) dated Nov/30/2021 ?
Comment is by Dmitry Rabotyagov: "We _really_ should make it as an ansible plugin and re-work logic"
2. We wish to have such feature in previous releases also, not just in upcoming Yoga or Zed.
Stein, Train and Victoria - it would be excellent to have plain text secrets encryption with these releases also.
So question is how is it possible to use our feature in those releases also? Can we push some backports to those releases openstack-ansible repo?
Best regards and wishes,
Alex Yeremko
This E-Mail (including any attachments) may contain privileged or confidential information. It is intended only for the addressee(s) indicated above. The sender does not waive any of its rights, privileges or other protections respecting this information. Any distribution, copying or other use of this E-Mail or the information it contains, by other than an intended recipient, is not sanctioned and is prohibited. If you received this E-Mail in error, please delete it and advise the sender (by return E-Mail or otherwise) immediately. Any calls held by you with Connectria may be recorded by an automated note taking system to ensure prompt follow up and for information collection purposes, and your attendance on any calls with Connectria confirms your consent to this. Any E-mail received by or sent from Connectria is subject to review by Connectria supervisory personnel.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220322/c32ec0a3/attachment-0001.htm>
More information about the openstack-discuss
mailing list