On Mon, Nov 3, 2014 at 8:14 PM, Udara Liyanage <[email protected]> wrote:
> Hi, > > Earlier encrypted password text of the user provided repo password is sent > with the ArtifactUpdate event. The cartridge agent decrypt the text with > the key sent with payload. > However with grouping since there are no subscriptions, encrypted text can > not be sent in the event by SM. Possible solutions are, > > 1) Send the encrypted text in payload > Now the encrypted text and key both in the same place which is not safe. > > 2) Publish encrypted text to metadata service > AS published the encrypted text to the metadata service at the time of > application parsing. Cartridge instance get the text from metadata service. > This has the overhead of publishing to metadata service and retrieving > from it. > Can this be supported for multi tenant cartridge scenarios as well? Option 1 seems not supported. Is option 2 supported? > > WDYT? > > > -- > > Udara Liyanage > Software Engineer > WSO2, Inc.: http://wso2.com > lean. enterprise. middleware > > web: http://udaraliyanage.wordpress.com > phone: +94 71 443 6897 > -- *Sajith Kariyawasam* *Committer and PMC member, Apache Stratos,WSO2 Inc., http://wso2.com <http://wso2.com>AMIE (SL)Mobile: +94772269575*
