Another option:
If you want to give User-A read access to all Project-B secrets, you could
assign User-A the role of "observer" in Project-B.
This would use the default RBAC policy, not give every user access to the
secrets, and be more convenient than adding each user to the ACL of each
secret.
Thanks Kaitlin Farr.
In tacker vim usecase, an operator [user A] may create a vim with an
account[user B] to access the NFVI. I want to store user B's password in
barbican.
There are two methods to store secret:
1. All user A's vim secrets are stored in one common reserved
project/user as m
> As i known, the secrets are saved in a user's domain, and other
> project/user can not retrieve the secrets.
> But i have a situation that many users need retrieve a same secret.
>
> After looking into the castellan usage, I see the method that saving the
>credentials in configuratio
Hello, folks:
As i known, the secrets are saved in a user's domain, and other
project/user can not retrieve the secrets.
But i have a situation that many users need retrieve a same secret.
After looking into the castellan usage, I see the method that saving the
credentials in config