** Description changed:

  Keystone middleware's caching of tokens offers HMAC validation and
  encryption of the tokens in the cache. This is important because
  memcache has literally zero authentication or protection from any user
  on the system. So this feature should be ported in from keystone
  middleware into keystone.
+ 
+ Encrypted caching implementation: https://opendev.org/openstack/keystonemiddleware/src/commit/0a65b1420799e7c7f8736e9f6c234f755ab5ac6b/keystonemiddleware/auth_token/_cache.py#L254-L297
+ Caching configuration via ksm: https://opendev.org/openstack/keystonemiddleware/src/commit/0a65b1420799e7c7f8736e9f6c234f755ab5ac6b/keystonemiddleware/auth_token/_opts.py#L113-L122

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1578466

Title:
  oslo.cache should offer encryption in a similar manner to
  keystonemiddleware

Status in OpenStack Identity (keystone):
  Won't Fix
Status in oslo.cache:
  Confirmed

Bug description:
  Keystone middleware's caching of tokens offers HMAC validation and
  encryption of the tokens in the cache. This is important because
  memcache has literally zero authentication or protection from any user
  on the system. So this feature should be ported in from keystone
  middleware into keystone.

  Encrypted caching implementation: https://opendev.org/openstack/keystonemiddleware/src/commit/0a65b1420799e7c7f8736e9f6c234f755ab5ac6b/keystonemiddleware/auth_token/_cache.py#L254-L297
  Caching configuration via ksm: https://opendev.org/openstack/keystonemiddleware/src/commit/0a65b1420799e7c7f8736e9f6c234f755ab5ac6b/keystonemiddleware/auth_token/_opts.py#L113-L122

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1578466/+subscriptions
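
The HMAC-validation half of the protection described in the bug, as an added Python example that is not keystonemiddleware or oslo.cache code: values are signed before they reach the cache, and an entry that fails verification is treated as a miss. The class name, the dict standing in for memcached, the derivation labels and the secret are assumptions made for the illustration; encryption is left out because the Python standard library has no authenticated cipher.

```python
import hashlib
import hmac
import json

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class MacProtectedCache:
    """Sign values before they reach an unauthenticated cache backend."""

    def __init__(self, backend, secret):
        self._backend = backend  # hypothetical dict-like stand-in for memcached
        self._secret = secret    # bytes, held only by the service

    def _derive(self, label, cache_key):
        # Per-entry subkeys: "loc" names the slot, "mac" signs its content.
        msg = label + b"\x00" + cache_key.encode()
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def _tag(self, cache_key, payload):
        return hmac.new(self._derive(b"mac", cache_key), payload, hashlib.sha256).digest()

    def slot(self, cache_key):
        return self._derive(b"loc", cache_key).hex()

    def set(self, cache_key, value):
        payload = json.dumps(value, sort_keys=True).encode()
        self._backend[self.slot(cache_key)] = self._tag(cache_key, payload) + payload

    def get(self, cache_key):
        blob = self._backend.get(self.slot(cache_key))
        if blob is None or len(blob) < TAG_LEN:
            return None
        tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(cache_key, payload)):
            return None  # modified or foreign entry: treat as a cache miss
        return json.loads(payload)


def demo():
    store = {}  # constructed in-memory backend and constructed sample data
    cache = MacProtectedCache(store, b"constructed-demo-secret")
    cache.set("token-a", {"user": "alice", "roles": ["member"]})
    cache.set("token-b", {"user": "bob", "roles": ["admin"]})
    clean = cache.get("token-a")
    # Payload changed directly in the backend while the old tag is kept.
    store[cache.slot("token-a")] = store[cache.slot("token-a")].replace(b"member", b"admin!")
    edited = cache.get("token-a")
    # A validly signed entry copied into a different slot.
    store[cache.slot("token-a")] = store[cache.slot("token-b")]
    return clean, edited, cache.get("token-a")
```

Because the signing key is derived from the cache key, a correctly signed value moved to another slot fails verification just as an edited one does.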