So if the password is in env anyone having access to container also can get that isn't it?
Thanks and regards, Thilina Piyasundara Systems Engineer Blog: thilina.piyasundara.org Linkedin: linkedin.com/in/thilinapiyasundara WSO2, Inc. <http://wso2.com/> lean . enterprise . middleware https://cloud.wso2.com On Wed, Mar 30, 2016 at 12:19 PM, Afkham Azeez <az...@wso2.com> wrote: > It can be passed in as an env variable when starting the container > > On Wed, Mar 30, 2016 at 12:16 PM, Hasitha Aravinda <hasi...@wso2.com> > wrote: > >> One limitation we had in C4 based secure vault is once enabled we have to >> provide the keystore password at every server start. I think we have to >> look how we can overcome this limitation in container world. >> >> Thanks, >> Hasitha. >> >> On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez <az...@wso2.com> wrote: >> >>> In the container world, the sec vault files will get packed into the >>> containers, and if there are changes to those files, you will need to >>> create a new version of the container image. This is true for the rest of >>> the configuration files as well. This goes with the concept of immutable >>> servers. >>> >>> Azeez >>> >>> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma <same...@wso2.com> >>> wrote: >>> >>>> I believe we cannot apply the same thing we had in C4. We have to think >>>> about how we can apply this for containers as well. Lets have a quick chat >>>> on this. >>>> >>>> Thanks, >>>> Sameera. >>>> >>>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda <hasi...@wso2.com> >>>> wrote: >>>> >>>>> I think we have to target this for Hamming platform ? Because we have >>>>> some configuration files like (*-datasource.xml) with passwords. >>>>> >>>>> Apart from securing passwords in configuration files, I think we will >>>>> need secure vault support for runtime as well. In products like GW, ESB >>>>> and >>>>> BPS do secure services invocations, (i.e BasicAuth) and we will need a >>>>> central place to store encrypted credentials. >>>>> >>>>> Thanks, >>>>> Hasitha. >>>>> >>>>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez <az...@wso2.com> wrote: >>>>> >>>>>> Simply porting the existing sec vault to work with C5 should be >>>>>> sufficient. >>>>>> >>>>>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda <hasi...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> Hi team, >>>>>>> >>>>>>> How are we going to use $Subject in C5. Can we use existing secure >>>>>>> vault implementation for this. >>>>>>> >>>>>>> Thanks, >>>>>>> Hasitha. >>>>>>> >>>>>>> -- >>>>>>> -- >>>>>>> Hasitha Aravinda, >>>>>>> Senior Software Engineer, >>>>>>> WSO2 Inc. >>>>>>> Email: hasi...@wso2.com >>>>>>> Mobile : +94 718 210 200 >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Afkham Azeez* >>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com >>>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>>> * <http://www.apache.org/>* >>>>>> *email: **az...@wso2.com* <az...@wso2.com> >>>>>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: * >>>>>> *http://blog.afkham.org* <http://blog.afkham.org> >>>>>> *twitter: **http://twitter.com/afkham_azeez* >>>>>> <http://twitter.com/afkham_azeez> >>>>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez >>>>>> <http://lk.linkedin.com/in/afkhamazeez>* >>>>>> >>>>>> *Lean . Enterprise . Middleware* >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> -- >>>>> Hasitha Aravinda, >>>>> Senior Software Engineer, >>>>> WSO2 Inc. >>>>> Email: hasi...@wso2.com >>>>> Mobile : +94 718 210 200 >>>>> >>>> >>>> >>>> >>>> -- >>>> Sameera Jayasoma, >>>> Software Architect, >>>> >>>> WSO2, Inc. (http://wso2.com) >>>> email: same...@wso2.com >>>> blog: http://blog.sameera.org >>>> twitter: https://twitter.com/sameerajayasoma >>>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections >>>> Mobile: 0094776364456 >>>> >>>> Lean . Enterprise . Middleware >>>> >>>> >>> >>> >>> -- >>> *Afkham Azeez* >>> Director of Architecture; WSO2, Inc.; http://wso2.com >>> Member; Apache Software Foundation; http://www.apache.org/ >>> * <http://www.apache.org/>* >>> *email: **az...@wso2.com* <az...@wso2.com> >>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: * >>> *http://blog.afkham.org* <http://blog.afkham.org> >>> *twitter: **http://twitter.com/afkham_azeez* >>> <http://twitter.com/afkham_azeez> >>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez >>> <http://lk.linkedin.com/in/afkhamazeez>* >>> >>> *Lean . Enterprise . Middleware* >>> >> >> >> >> -- >> -- >> Hasitha Aravinda, >> Senior Software Engineer, >> WSO2 Inc. >> Email: hasi...@wso2.com >> Mobile : +94 718 210 200 >> > > > > -- > *Afkham Azeez* > Director of Architecture; WSO2, Inc.; http://wso2.com > Member; Apache Software Foundation; http://www.apache.org/ > * <http://www.apache.org/>* > *email: **az...@wso2.com* <az...@wso2.com> > * cell: +94 77 3320919 <%2B94%2077%203320919>blog: * > *http://blog.afkham.org* <http://blog.afkham.org> > *twitter: **http://twitter.com/afkham_azeez* > <http://twitter.com/afkham_azeez> > *linked-in: **http://lk.linkedin.com/in/afkhamazeez > <http://lk.linkedin.com/in/afkhamazeez>* > > *Lean . Enterprise . Middleware* > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev