From what I can tell, Keycloak is an Identity provider, not a secret store?

-jay

On 06/27/2017 05:35 AM, Adam Heczko wrote:
Barbican already supports multiple secret storage backends [1] and most likely adding Keycloak's one [2] should be possible.

[1] https://docs.openstack.org/project-install-guide/key-manager/draft/barbican-backend.html
[2] https://github.com/jpkrohling/secret-store

On Tue, Jun 27, 2017 at 10:42 AM, Thierry Carrez <thie...@openstack.org> wrote:

    Mikhail Fedosin wrote:
    >             Does the above mean you are implementing a share secret storage
    >             solution or that you are going to use an existing solution like
    >             Barbican that does that?
    >
    >         Secrets is a plugin for Glare we developed for Nokia CloudBand
    >         platform, and they just decided to open-source it. It doesn't
    >         use Barbican, technically it is an oslo.versionedobjects class.
    >
    >     Sorry to hear that you opted not to use Barbican.
    >
    > I think it's only because Keycloak integration is required by Nokia's
    > system and Barbican doesn't support it.

    Any technical reason why it couldn't be added to Barbican? Any chance
    Keycloak integration could be added as a Castellan backend? Secrets
    management is really one of those things that should *not* be reinvented
    in every project. It is easier to get wrong than people think, and you
    end up having to do security audits on 10 repositories instead of one.

    --
    Thierry Carrez (ttx)

    __________________________________________________________________________
    OpenStack Development Mailing List (not for usage questions)
    Unsubscribe:
    openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
    <http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
    http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
    <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>




--
Adam Heczko
Security Engineer @ Mirantis Inc.

