Hi Thilina, On Wed, Mar 30, 2016 at 12:19 PM, Thilina Piyasundara <thili...@wso2.com> wrote:
> Yes we can't use C4 approach. > We try to do it in docker environments but somehow we need to send the > password-tmp in to the dokcer (via puppet or environment variables). > > If we us docker volumes or if we store the password-tmp in the image there > is a possibility that anyone can get that root/main password if they have > access to the containers. Isn't it ? > You can write your own implement for this by writing a new Secret Callback Handler class as mentioned in [1] [2]. > > Thanks and regards, > > Thilina Piyasundara > Systems Engineer > > > Blog: thilina.piyasundara.org > Linkedin: linkedin.com/in/thilinapiyasundara > > WSO2, Inc. > > <http://wso2.com/> > lean . enterprise . middleware > https://cloud.wso2.com > > On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez <az...@wso2.com> wrote: > >> In the container world, the sec vault files will get packed into the >> containers, and if there are changes to those files, you will need to >> create a new version of the container image. This is true for the rest of >> the configuration files as well. This goes with the concept of immutable >> servers. >> >> Azeez >> >> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma <same...@wso2.com> >> wrote: >> >>> I believe we cannot apply the same thing we had in C4. We have to think >>> about how we can apply this for containers as well. Lets have a quick chat >>> on this. >>> >>> Thanks, >>> Sameera. >>> >>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda <hasi...@wso2.com> >>> wrote: >>> >>>> I think we have to target this for Hamming platform ? Because we have >>>> some configuration files like (*-datasource.xml) with passwords. >>>> >>>> Apart from securing passwords in configuration files, I think we will >>>> need secure vault support for runtime as well. In products like GW, ESB and >>>> BPS do secure services invocations, (i.e BasicAuth) and we will need a >>>> central place to store encrypted credentials. >>>> >>>> Thanks, >>>> Hasitha. >>>> >>>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez <az...@wso2.com> wrote: >>>> >>>>> Simply porting the existing sec vault to work with C5 should be >>>>> sufficient. >>>>> >>>>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda <hasi...@wso2.com> >>>>> wrote: >>>>> >>>>>> Hi team, >>>>>> >>>>>> How are we going to use $Subject in C5. Can we use existing secure >>>>>> vault implementation for this. >>>>>> >>>>>> Thanks, >>>>>> Hasitha. >>>>>> >>>>>> -- >>>>>> -- >>>>>> Hasitha Aravinda, >>>>>> Senior Software Engineer, >>>>>> WSO2 Inc. >>>>>> Email: hasi...@wso2.com >>>>>> Mobile : +94 718 210 200 >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Afkham Azeez* >>>>> Director of Architecture; WSO2, Inc.; http://wso2.com >>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>> * <http://www.apache.org/>* >>>>> *email: **az...@wso2.com* <az...@wso2.com> >>>>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: * >>>>> *http://blog.afkham.org* <http://blog.afkham.org> >>>>> *twitter: **http://twitter.com/afkham_azeez* >>>>> <http://twitter.com/afkham_azeez> >>>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez >>>>> <http://lk.linkedin.com/in/afkhamazeez>* >>>>> >>>>> *Lean . Enterprise . Middleware* >>>>> >>>> >>>> >>>> >>>> -- >>>> -- >>>> Hasitha Aravinda, >>>> Senior Software Engineer, >>>> WSO2 Inc. >>>> Email: hasi...@wso2.com >>>> Mobile : +94 718 210 200 >>>> >>> >>> >>> >>> -- >>> Sameera Jayasoma, >>> Software Architect, >>> >>> WSO2, Inc. (http://wso2.com) >>> email: same...@wso2.com >>> blog: http://blog.sameera.org >>> twitter: https://twitter.com/sameerajayasoma >>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections >>> Mobile: 0094776364456 >>> >>> Lean . Enterprise . Middleware >>> >>> >> >> >> -- >> *Afkham Azeez* >> Director of Architecture; WSO2, Inc.; http://wso2.com >> Member; Apache Software Foundation; http://www.apache.org/ >> * <http://www.apache.org/>* >> *email: **az...@wso2.com* <az...@wso2.com> >> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: * >> *http://blog.afkham.org* <http://blog.afkham.org> >> *twitter: **http://twitter.com/afkham_azeez* >> <http://twitter.com/afkham_azeez> >> *linked-in: **http://lk.linkedin.com/in/afkhamazeez >> <http://lk.linkedin.com/in/afkhamazeez>* >> >> *Lean . Enterprise . Middleware* >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > [1] - https://docs.wso2.com/display/Carbon420/Carbon+Secure+Vault+Implementation#CarbonSecureVaultImplementation-CreatecustomSecureVaultconfiguration [2] - http://xacmlinfo.org/2012/08/12/secure-plain-text-passwords-in-wso2-carbon-configuration-files Regards, Nira -- *Niranjan Karunanandham* Senior Software Engineer - WSO2 Inc. WSO2 Inc.: http://www.wso2.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
