Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: rhos-18.0.14 FR 4
Affects Version/s: None
Component/s: None
Labels:
None

Story Points:
8
Epic Link:
[Adoption] Implement: Proteccio HSM Integration for Barbican
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Intelligence Requested:
Market:
PX Impact Score:

Sprint:
DFG Security: Test Sprint 9, DFG Security: Test Sprint 10, DFG Security: Sprint 11
sprint_count:
3

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Goal:

To actually implement the adoption steps of a Proteccio HSM as a secure backend for the Barbican (Key Manager) service, migrating from a legacy RHOSP 17.1 environment to RHOSO 18.

Acceptance Criteria:

Secure network connectivity is established and verified between the OpenStack Key Manager (Barbican) service pods and the Eviden Proteccio HSM.
The Barbican service is configured with the PKCS#11 driver and successfully uses the Eviden Proteccio HSM as its cryptographic backend for all secret storage operations.

End-to-end validation tests pass, confirming that secrets can be created, retrieved, and deleted via the Barbican API, with HSM-level logs verifying that all cryptographic functions are being processed by the hardware.

blocks

OSPRH-18982 Document Proteccio HSM Adoption

Refinement

is blocked by

OSPRH-18943 Provision Development Environment for Adopting Proteccio HSM

Closed

links to

openstack-k8s-operators/data-plane-adoption#1059: Add Barbican adoption framework for Proteccio HSM environments

Assignee:: Mauricio Harley

Reporter:: Mauricio Harley

Contributors:: Milana Levy

Team:: rhos-dfg-security

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/08/11 10:22 AM

Updated:: 2025/09/24 9:24 AM

Resolved:: 2025/09/24 9:24 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty