OpenStack Heat

Using Barbican as secret backend

Registered by Angus Salkeld on 2015-01-06

We store some secret data in the Heat database using a simple symmetric encryption with a static key. To improve security of the storage, we should optionally support using Barbican to store those secrets.

Read the full specification

Blueprint information

Status:: Started

Approver:: Angus Salkeld

Priority:: Low

Drafter:: Angus Salkeld

Direction:: Approved

Assignee:: Thomas Herve

Definition:: Approved

Series goal:: None

Implementation:: Needs Code Review

Milestone target:: next

Started by: Thomas Herve on 2015-05-22

Related branches

Related bugs

Sprints

Whiteboard

Heat has migrated to StoryBoard, please add BPs to [1]
If you like to keep using exists BPs, please add it to [1]
You can find more detail in [2].

[1] https://storyboard.openstack.org/#!/project/989
[2] https://etherpad.openstack.org/p/Heat-StoryBoard-Migration-Info

Gerrit topic: https://review.openstack.org/#q,topic:bp/barbican-as-secret-backend,n,z

Addressed by: https://review.openstack.org/180958
Move barbican client in main tree

Addressed by: https://review.openstack.org/180959
Implement barbican-backed store mechanism

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.