Hi Vidura,

On Fri, Mar 17, 2017 at 9:15 AM, Vidura Nanayakkara <[email protected]>
wrote:

> Hi All,
>
> An example for a secure vault YAML configuration file is as shown below
> according to the current implementation.
>
> secretRepository:
>   type: org.wso2.carbon.kernel.securevault.repository.DefaultSecretRepository
>   parameters:
>     privateKeyAlias: wso2carbon
>     keystoreLocation: resources/security/wso2carbon.jks
> masterKeyReader:
>   type: org.wso2.carbon.kernel.securevault.reader.DefaultMasterKeyReader
>
> However, according to the discussion in [1], we decided to move Carbon
> Secure Vault out of Carbon Kernel for the reasons specified in [1].
> According to this change, in OSGi mode the secret repository and the
> master key reader will be implementations of the specified classes
> (org.wso2.carbon.kernel.securevault.repository.DefaultSecretRepository and
> org.wso2.carbon.kernel.securevault.reader.DefaultMasterKeyReader) and
> will be registered via the Secure Vault Component, while in standalone
> mode the secret repository and master key reader will be instances of the
> specified classes and will be created using the Class.forName() method.
>
> According to this implementation, it was decided to delegate providing the
> other file paths (secret.properties, master-key.yaml) to the relevant
> implementation classes, because those file paths are bound to the relevant
> implementation. However, with this approach, we are forced to check whether
> the code is being executed in OSGi mode or non-OSGi mode in order to provide
> the correct location of the file paths (secret.properties, master-key.yaml).
>
Since this happens in the implementation class, as in this case in the Default
implementation, IMO it is not a problem to check whether it is OSGi or not to
give the correct file location. Even when you create another implementation
that should work in both OSGi and non-OSGi environments, you have to check
for OSGi or not to give the correct file location.

> *Suggestion:*
>
> secretRepository:
>   type: org.wso2.carbon.secvault.securevault.repository.DefaultSecretRepository
>   parameters:
>     privateKeyAlias: wso2carbon
>     keystoreLocation: securevault/resources/security/wso2carbon.jks
>     secretProperties: securevault/resources/security/secrets.properties
> masterKeyReader:
>   type: org.wso2.carbon.secvault.securevault.utils.DefaultHardCodedMasterKeyReader
>   parameters:
>     masterKeyFile: securevault/resources/security/master-keys.yaml
>
>
> If we could add the highlighted properties to the secure vault YAML
> configuration file, specifying the location of master-keys.yaml and
> secrets.properties, we would only need to check whether the code is being
> executed in OSGi mode or non-OSGi mode once, at the time of secure vault
> initialisation.
>
> WDYT?
>
> [1] [C5] Moving Carbon Configuration and Carbon Sec-Vault to 2 Separate
> Repositories (Removing from Kernel)
> <http://wso2-oxygen-tank.10903.n7.nabble.com/C5-Moving-Carbon-Configuration-and-Carbon-Sec-Vault-to-2-Separate-Repositories-Removing-from-Kernel-td146953.html>
>
>
> Best Regards,
>
> *Vidura Nanayakkara*
> Software Engineer
>
> Email : [email protected]
> Mobile : +94 (0) 717 919277
> Web : http://wso2.com
> Blog : https://medium.com/@viduran
> Twitter : http://twitter.com/viduranana
> LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara
>



-- 
Lakshman Udayakantha
WSO2 Inc. www.wso2.com
lean.enterprise.middleware
Mobile: *0717429601*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

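As an added illustration of the design discussed in the thread (not code from the thread or from WSO2), the following Python sketch loads a configuration of the suggested shape, decides the mode-dependent base directory once at initialisation, resolves the keystoreLocation, secretProperties and masterKeyFile parameters against it, and only then instantiates the configured types: in OSGi mode from a registry of implementations registered by a component, in standalone mode by importing the type name, the Python counterpart of Class.forName(). The per-mode base directories (CARBON_HOME versus the working directory), the in-process SERVICE_REGISTRY, the two stand-in implementation classes and the sample file contents are all assumptions made for the example. It also refuses a configured path that resolves outside the base directory, a check the thread does not discuss but that a practitioner would want once file locations become configuration.

```python
"""Added example, not WSO2 code. Assumed: a per-mode base directory (CARBON_HOME in OSGi
mode, the working directory standalone), SERVICE_REGISTRY as a stand-in for the OSGi
service registry, and the behaviour of the two stand-in implementation classes."""
import importlib
import tempfile
from pathlib import Path

# The suggested configuration from the thread, used verbatim as sample input.
SAMPLE_YAML = """\
secretRepository:
  type: org.wso2.carbon.secvault.securevault.repository.DefaultSecretRepository
  parameters:
    privateKeyAlias: wso2carbon
    keystoreLocation: securevault/resources/security/wso2carbon.jks
    secretProperties: securevault/resources/security/secrets.properties
masterKeyReader:
  type: org.wso2.carbon.secvault.securevault.utils.DefaultHardCodedMasterKeyReader
  parameters:
    masterKeyFile: securevault/resources/security/master-keys.yaml
"""
SAMPLE_SECRETS = "db.password=cipherText:AbCdEf==\nkeystore.password=cipherText:Zz==\n"  # constructed
SAMPLE_MASTER_KEYS = "masterKeys:\n  wso2carbon: changeme\n"  # constructed
PATH_PARAMETERS = {"keystoreLocation", "secretProperties", "masterKeyFile"}

def parse_vault_yaml(text):
    """Minimal parser for nested 'key: value' maps; not a general YAML parser."""
    stack = [(-1, {})]  # (indent, map) for every map still open, root first
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        while stack[-1][0] >= indent:  # a dedent closes the nested maps
            stack.pop()
        if value.strip():
            stack[-1][1][key.strip()] = value.strip()
        else:
            stack[-1][1][key.strip()] = child = {}
            stack.append((indent, child))
    return stack[0][1]

def resolve_under(base_dir, relative):
    """Resolve a configured path against base_dir, refusing paths that escape it."""
    base = Path(base_dir).resolve()
    candidate = (base / relative).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"{relative!r} resolves outside {base}") from None
    return candidate

class DefaultSecretRepository:  # stand-in: loads alias=value lines; does not decrypt
    def __init__(self, privateKeyAlias, keystoreLocation, secretProperties):
        self.keystore_location = Path(keystoreLocation)  # privateKeyAlias unused here
        lines = Path(secretProperties).read_text().splitlines()
        pairs = (l.partition("=") for l in lines if l.strip() and not l.startswith("#"))
        self.secrets = {k.strip(): v.strip() for k, _, v in pairs}

class DefaultHardCodedMasterKeyReader:  # stand-in: reads the masterKeys map
    def __init__(self, masterKeyFile):
        self.master_keys = parse_vault_yaml(Path(masterKeyFile).read_text())["masterKeys"]

SERVICE_REGISTRY = {  # OSGi mode: the Secure Vault component registers these by type name
    "org.wso2.carbon.secvault.securevault.repository.DefaultSecretRepository": DefaultSecretRepository,
    "org.wso2.carbon.secvault.securevault.utils.DefaultHardCodedMasterKeyReader": DefaultHardCodedMasterKeyReader,
}

def load_type(type_name, osgi):
    """OSGi mode: registry lookup. Standalone: importlib, the Class.forName analogue."""
    if osgi:
        if type_name not in SERVICE_REGISTRY:
            raise LookupError(f"no service registered for {type_name}")
        return SERVICE_REGISTRY[type_name]
    module_name, _, class_name = type_name.rpartition(".")
    try:
        return getattr(importlib.import_module(module_name), class_name)
    except (ImportError, AttributeError) as exc:
        raise LookupError(f"cannot load {type_name}: {exc}") from None

def init_secure_vault(yaml_text, osgi, carbon_home=None):
    """Pick the mode-dependent base directory once; implementations get absolute paths."""
    base_dir = Path(carbon_home) if osgi else Path.cwd()  # assumed per-mode base
    config, built = parse_vault_yaml(yaml_text), {}
    for section in ("secretRepository", "masterKeyReader"):
        params = dict(config[section].get("parameters", {}))
        for name in PATH_PARAMETERS.intersection(params):
            params[name] = resolve_under(base_dir, params[name])
        built[section] = load_type(config[section]["type"], osgi)(**params)
    return built["secretRepository"], built["masterKeyReader"]

def make_sample_home():
    """Throw-away CARBON_HOME holding the files the sample config names."""
    sec = Path(tempfile.mkdtemp()) / "securevault" / "resources" / "security"
    sec.mkdir(parents=True)
    for name, body in (("secrets.properties", SAMPLE_SECRETS), ("master-keys.yaml", SAMPLE_MASTER_KEYS)):
        (sec / name).write_text(body)
    (sec / "master-keys.yaml").chmod(0o600)  # master keys must not be world-readable
    return sec.parents[2]
```

Running `init_secure_vault(SAMPLE_YAML, osgi=True, carbon_home=make_sample_home())` builds both objects from the sample files; with `osgi=False` the same type strings fail at `load_type`, because nothing importable carries those names, which is exactly the standalone-mode failure a misconfigured `type:` would produce.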