Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-7216

RHACS Operator should allow private key download to Init Bundle File

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • rhacs
    • None
    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description:

      Goal Summary:

      In RHACS, Operator does not allow users to download the private key used in the init bundle file. Theres a risk especially in large cluster estates where the risk of private key compromise increases. Allowing the download of the private key will give us theĀ  better management and security.

      Goals and expected user outcomes:

      • Users will be able to download the private key from the init bundle file directly through the RHACS.
      • It is expected that a secure cluster can join RHACS by accessing an RHACS endpoint directly, without having to exchange the init bundle.
      • Any auto rotation performed by the operator should also be considered compromised if the previous key is considered compromised and a manual rotation should be performed. Is this possible?

      Acceptance Criteria:

      • Users can successfully download the private key from the init bundle file.
      • The download process can be secure and with best practices for sensitive information.

              atelang@redhat.com Anjali Telang
              rhn-support-ideshmuk Isha Deshmukh
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved:
                None
                None