Hi all,
In the current non-OSGi securevault implementation, we need to pass the
securevault configuration file path when initializing the securevault
service instance, like below:
> Path configPath = <secure-vault.yaml file path>;
> SecureVaultFactory secureVaultFactory = new SecureVaultFactory();
> SecureVault secureVault = secureVaultFactory.getSecureVault(configPath);
Since Configuration Provider directly depends on securevault, we need to
initialize the securevault instance before initializing the Configuration
Provider. Below are a few options we can follow when initializing the Config
Provider in non-OSGi mode:
Option 01: Force the user to create a securevault instance before creating
the Configuration Provider instance. We will provide a method in the provider
factory to get the ConfigProvider by passing the deployment config file path
and the securevault instance, like below:
> Path secureVaultconfigPath = <secure-vault.yaml file path>;
> SecureVaultFactory secureVaultFactory = new SecureVaultFactory();
> SecureVault secureVault = secureVaultFactory.getSecureVault(secureVaultconfigPath);
>
> Path deploymentConfigPath = <deployment.yaml file path>;
> ConfigProviderFactory configProviderFactory = new ConfigProviderFactory();
> ConfigProvider configProvider =
>     configProviderFactory.getConfigProvider(deploymentConfigPath, secureVault);
Option 02: Allow the user to pass only the deployment.yaml (can be any file
name) file path, and we create the securevault instance. In order to do that,
we should know the securevault config file path. Shall we add the securevault
configuration also to the deployment.yaml file (can be any file name; we
keep the same file to hold both server configs and securevault configs) and
pass the same file to initialize securevault when initializing the
configuration provider? So the configuration file will look like:
...
wso2.securevault:
  secretRepository:
    type: org.wso2.carbon.secvault.repository.DefaultSecretRepository
    parameters:
      privateKeyAlias: wso2carbon
      keystoreLocation: resources/security/wso2carbon.jks
      secretPropertiesFile: conf/secrets.properties
  masterKeyReader:
    type: org.wso2.carbon.secvault.reader.DefaultMasterKeyReader
    parameters:
      masterKeyReaderFile: conf/master-keys.yaml
...
So when initializing the securevault, the provider will read the same config
file and get the configurations under wso2.securevault.
Please share your thoughts / suggestions.
Thanks
--
*Danesh Kuruppu*
Senior Software Engineer | WSO2
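
To illustrate Option 02 (an added example, not part of the original post and not WSO2 code): the Python below pulls the `wso2.securevault` block out of a combined configuration file and refuses to continue when the block is missing or incomplete. The parser handles only nested `key: value` mappings; the `example.server` entry, the function names and the list of required fields are assumptions made for this illustration.

```python
NAMESPACE = "wso2.securevault"
COMPONENTS = ("secretRepository", "masterKeyReader")
FIELDS = ("type", "parameters")  # assumed required, per the post's layout

# Constructed sample file; "example.server" is a made-up server setting.
SAMPLE = """\
example.server:
  port: 9090
wso2.securevault:
  secretRepository:
    type: org.wso2.carbon.secvault.repository.DefaultSecretRepository
    parameters:
      privateKeyAlias: wso2carbon
      keystoreLocation: resources/security/wso2carbon.jks
      secretPropertiesFile: conf/secrets.properties
  masterKeyReader:
    type: org.wso2.carbon.secvault.reader.DefaultMasterKeyReader
    parameters:
      masterKeyReaderFile: conf/master-keys.yaml
"""

def parse_mappings(text):
    """Parse nested `key: value` mappings, the only YAML subset used here."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open nesting level
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, sep, value = (part.strip() for part in raw.partition(":"))
        if not sep:
            raise ValueError(f"not a mapping entry: {raw!r}")
        while stack[-1][0] >= indent:
            stack.pop()
        node = stack[-1][1]
        node[key] = value or {}
        if not value:
            stack.append((indent, node[key]))
    return root

def securevault_section(text):
    """Return the securevault block; raise if it is absent or incomplete."""
    section = parse_mappings(text).get(NAMESPACE)
    if not isinstance(section, dict):
        raise ValueError(f"{NAMESPACE} section missing from config file")
    for component in COMPONENTS:
        block = section.get(component)
        if not isinstance(block, dict) or not all(block.get(f) for f in FIELDS):
            raise ValueError(f"{NAMESPACE}.{component} is incomplete")
    return section
```

Failing at this point means a deployment file without a usable securevault block stops startup before any secret is resolved, rather than surfacing later as an unresolved alias.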