[Adding Imesh and Jayanga]

On Fri, Mar 17, 2017 at 9:15 AM, Vidura Nanayakkara <vidu...@wso2.com> wrote:

> Hi All,
>
> An example for a secure vault YAML configuration file is as shown below
> according to the current implementation.
>
> secretRepository:
>   type: org.wso2.carbon.kernel.securevault.repository.DefaultSecretRepository
>   parameters:
>     privateKeyAlias: wso2carbon
>     keystoreLocation: resources/security/wso2carbon.jks
> masterKeyReader:
>   type: org.wso2.carbon.kernel.securevault.reader.DefaultMasterKeyReader
>
> However, according to the discussion made in [1], we decided to move
> Carbon Secure Vault out of Carbon Kernel for the specified reasons in [1].
> According to this change, in OSGi mode the Secret repository and the
> master key reader will be an implementation of the specified classes
> (org.wso2.carbon.kernel.securevault.repository.DefaultSecretRepository and
> org.wso2.carbon.kernel.securevault.reader.DefaultMasterKeyReader) and
> will be registered via the Secure Vault Component while in standalone
> mode the secret repository and master key reader will be instances of the
> specified classes and will be created using the class.forName() method.
>
> According to this implementation, it was decided to delegate providing
> other file paths (secret.properties, master-key.yaml) to relevant
> implementation classes because other file paths (secret.properties,
> master-key.yaml) are bound to the relevant implementation. However, with
> this approach, we are forced to check whether the code is being executed in
> OSGi mode or non-OSGi mode in order to provide the correct location of the
> file paths (secret.properties, master-key.yaml).
>
> *Suggestion:*
>
> secretRepository:
>   type: org.wso2.carbon.secvault.securevault.repository.DefaultSecretRepository
>   parameters:
>     privateKeyAlias: wso2carbon
>     keystoreLocation: securevault/resources/security/wso2carbon.jks
>     secretProperties: securevault/resources/security/secrets.properties
> masterKeyReader:
>   type: org.wso2.carbon.secvault.securevault.utils.DefaultHardCodedMasterKeyReader
>   parameters:
>     masterKeyFile: securevault/resources/security/master-keys.yaml
>
> If we could add the highlighted properties to the secure vault YAML
> configuration file specifying the location of the master-keys.yaml and
> secrets.properties, we only need to check whether the code is being
> executed in OSGi mode or non-OSGi mode once at the time of secure vault
> initialisation.
>
> WDYT?
>
> [1] [C5] Moving Carbon Configuration and Carbon Sec-Vault to 2 Separate
> Repositories (Removing from Kernel)
> <http://wso2-oxygen-tank.10903.n7.nabble.com/C5-Moving-Carbon-Configuration-and-Carbon-Sec-Vault-to-2-Separate-Repositories-Removing-from-Kernel-td146953.html>
>
> Best Regards,
>
> *Vidura Nanayakkara*
> Software Engineer
>
> Email : vidu...@wso2.com
> Mobile : +94 (0) 717 919277
> Web : http://wso2.com
> Blog : https://medium.com/@viduran
> Twitter : http://twitter.com/viduranana
> LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara

--
Best Regards,

*Vidura Nanayakkara*
Software Engineer

Email : vidu...@wso2.com
Mobile : +94 (0) 717 919277
Web : http://wso2.com
Blog : https://medium.com/@viduran
Twitter : http://twitter.com/viduranana
LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
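
The suggestion in the quoted message puts all three file locations in the configuration, so they can be resolved against one base directory at secure vault initialisation. The following is an added example, not code from Carbon Secure Vault or from the thread: the class and method names and the base-directory argument are assumptions, and only the parameter keys and sample values come from the suggested configuration. It resolves each location once and rejects values that would leave the base directory.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.LinkedHashMap;
import java.util.Map;

/** Added example (hypothetical class, not part of Carbon Secure Vault). */
public class SecureVaultPathResolver {

    /** Resolves one configured location against the base directory and rejects escapes. */
    static Path resolve(Path baseDir, String key, String configured) {
        if (configured == null || configured.isEmpty()) {
            throw new IllegalArgumentException("Missing secure vault parameter: " + key);
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path resolved = base.resolve(configured).normalize();
        // An absolute value or a "../" sequence must not leave the base directory.
        if (!resolved.startsWith(base)) {
            throw new IllegalArgumentException(key + " resolves outside " + base + ": " + configured);
        }
        return resolved;
    }

    /** Resolves every file parameter once, at initialisation time. */
    static Map<String, Path> resolveAll(Path baseDir, Map<String, String> params) {
        Map<String, Path> out = new LinkedHashMap<>();
        for (String key : new String[] {"keystoreLocation", "secretProperties", "masterKeyFile"}) {
            out.put(key, resolve(baseDir, key, params.get(key)));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: values copied from the suggested configuration in the thread.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("keystoreLocation", "securevault/resources/security/wso2carbon.jks");
        params.put("secretProperties", "securevault/resources/security/secrets.properties");
        params.put("masterKeyFile", "securevault/resources/security/master-keys.yaml");
        // Assumption: the caller picks the base directory once, according to the runtime mode.
        Path baseDir = Paths.get(args.length > 0 ? args[0] : ".");
        resolveAll(baseDir, params).forEach((k, p) ->
            System.out.println(k + " -> " + p + (Files.isReadable(p) ? "" : " (not readable)")));
    }
}
```

Because every location is resolved in one place, the repository and master key reader implementations receive absolute paths and need no knowledge of the runtime mode.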