Yes, we can't use the C4 approach. We try to do it in docker environments, but somehow we need to send the password-tmp into the docker (via puppet or environment variables).
If we use docker volumes or if we store the password-tmp in the image, there is a possibility that anyone can get that root/main password if they have access to the containers. Isn't it?

Thanks and regards,
Thilina Piyasundara
Systems Engineer
Blog: thilina.piyasundara.org
Linkedin: linkedin.com/in/thilinapiyasundara

WSO2, Inc. <http://wso2.com/>
lean . enterprise . middleware
https://cloud.wso2.com

On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez <az...@wso2.com> wrote:

> In the container world, the sec vault files will get packed into the
> containers, and if there are changes to those files, you will need to
> create a new version of the container image. This is true for the rest of
> the configuration files as well. This goes with the concept of immutable
> servers.
>
> Azeez
>
> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma <same...@wso2.com> wrote:
>
>> I believe we cannot apply the same thing we had in C4. We have to think
>> about how we can apply this for containers as well. Let's have a quick chat
>> on this.
>>
>> Thanks,
>> Sameera.
>>
>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda <hasi...@wso2.com> wrote:
>>
>>> I think we have to target this for Hamming platform? Because we have
>>> some configuration files like (*-datasource.xml) with passwords.
>>>
>>> Apart from securing passwords in configuration files, I think we will
>>> need secure vault support for runtime as well. Products like GW, ESB and
>>> BPS do secure service invocations (i.e. BasicAuth), and we will need a
>>> central place to store encrypted credentials.
>>>
>>> Thanks,
>>> Hasitha.
>>>
>>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez <az...@wso2.com> wrote:
>>>
>>>> Simply porting the existing sec vault to work with C5 should be
>>>> sufficient.
>>>>
>>>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda <hasi...@wso2.com> wrote:
>>>>
>>>>> Hi team,
>>>>>
>>>>> How are we going to use $Subject in C5? Can we use the existing secure
>>>>> vault implementation for this?
>>>>>
>>>>> Thanks,
>>>>> Hasitha.
>>>>>
>>>>> --
>>>>> Hasitha Aravinda,
>>>>> Senior Software Engineer,
>>>>> WSO2 Inc.
>>>>> Email: hasi...@wso2.com
>>>>> Mobile : +94 718 210 200
>>>>
>>>> --
>>>> Afkham Azeez
>>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>> email: az...@wso2.com
>>>> cell: +94 77 3320919
>>>> blog: http://blog.afkham.org
>>>> twitter: http://twitter.com/afkham_azeez
>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>
>>>> Lean . Enterprise . Middleware
>>
>> --
>> Sameera Jayasoma,
>> Software Architect,
>>
>> WSO2, Inc. (http://wso2.com)
>> email: same...@wso2.com
>> blog: http://blog.sameera.org
>> twitter: https://twitter.com/sameerajayasoma
>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>> Mobile: 0094776364456
>>
>> Lean . Enterprise . Middleware
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev