Protecting Plaintext Password

Registered by Raildo Mascena de Sousa Filho on 2017-06-13

Various regulations and best practices say that passwords and other
secret values should not be stored in plain text in configuration
files. There are "secret store" services to manage values that should
be kept secure. Castellan provides an abstraction API for accessing
those services.

In order to secure properly the secrets in that configurations files, we should
use a Castellan reference for that secrets and store it using a proper key
store backend, such as the Custodia Service, which makes easier that
integration since Custodia supports overlayed encryption backend that can be
used to store those secrets. In addition, we don't need any authentication
method through Keystone to handle with the access control on Castellan or
Custodia, so we still able to store the Keystone secrets as well.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Raildo Mascena de Sousa Filho
Direction:
Needs approval
Assignee:
Raildo Mascena de Sousa Filho
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.