Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-10654

[Dev] Make Changes to Castellan Vault Backend

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Obsolete
    • Icon: Normal Normal
    • None
    • None
    • openstack-barbican
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • ?
    • OSP-803 - Secret Management
    • ?
    • ?

      Work to be completed:

      1. Make changes to castellan vault backend
        1. Improve the plugin to use HVAC (similar approach but modify existing plugin and beef up tests -  https://review.opendev.org/c/openstack/castellan/+/742169)
        2. Add ability to specify a prefix  - not the same as kv_root-- https://review.opendev.org/c/openstack/castellan/+/638742
        3. Add barbican tests to castellan to make sure we're not breaking barbican
        4. Snake oil castellan

      Definition of done:

      1. Certain passwords in a RHOS deployment (those loaded by oslo-config) stored in a castellan backend (either snake oil, vault or cyberark).  The config files that contain these passwords only store references to the passwords.
      2. On update, an existing system would have its passwords stored in the castellan backend - and only references would be stored in the service config files.
      3. On update, if a password change operation is initiated - all the passwords are updated correctly and a list of old password references is created.

              Unassigned Unassigned
              dwilde@redhat.com Dave Wilde
              rhos-dfg-security
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: