Multiple Secret Backend Suppport

Barbican supports secret storage in HSM device as well as in a database. So far, Barbican has implicit concept of configuring one active plugin for secret store which means all of the new secrets are going to be stored via same plugin (i.e. same storage backend). This approach can limit the usage of barbican in a typical cloud deployment where not all services/applications have similar data sensitivity and hence don't have neccessity of using same mechanism to safeguard its encrpytion keys. Also HSM are expensive devices which have limited storage capacity and performance characteristics in comparison to database.

Proposal is to allow multiple secret store backend available in a single
barbican deployment. As part of this change, client has choice to select
preferred backend at a project level.