I tend to agree with Alex. There's nothing dealing with persistence in Cryptography at the moment (whether that be persisting to disk or elsewhere). This doesn't belong in Cryptography.
On Mon, Dec 19, 2016 at 3:18 PM, Alex Gaynor <alex.gay...@gmail.com> wrote:
> I'm opposed -- there's no benefit to this being in cryptography itself; this
> API can be totally implemented outside of it.
>
> Alex
>
> On Mon, Dec 19, 2016 at 4:17 PM, Boris Bobrov <bbob...@mirantis.com> wrote:
>>
>> Hi!
>>
>> I work on OpenStack Keystone. We use Fernet keys for our tokens. A
>> token is basically a tuple encrypted with a Fernet key.
>>
>> Fernet keys need to be rotated once in a while. Now we store them on
>> disk. But it is problematic to rotate them in containers, because
>> containers are supposed to be immutable.
>>
>> So the idea of key storages came up. For example, we could store the
>> keys in a database. Or in OpenStack Barbican, which is a REST API
>> designed for the secure storage, provisioning and management of
>> secrets such as encryption keys. Or in Custodia,
>> https://github.com/latchset/custodia
>>
>> However, it doesn't sound like this should be in Keystone. It is
>> not Keystone-specific and all Fernet key users will probably
>> benefit from that. What do you think about adding this sort of
>> functionality to cryptography?
>>
>> The idea is to define an abstract class in cryptography for a storage.
>> An instance of storage will be passed to MultiFernet, which will
>> read the keys from there, create individual instances of
>> fernet.Fernet and perform all the usual stuff. Storage classes can
>> be implemented inside cryptography or outside of it.
>>
>> What do you think about this?
>> _______________________________________________
>> Cryptography-dev mailing list
>> Cryptography-dev@python.org
>> https://mail.python.org/mailman/listinfo/cryptography-dev
>
> --
> "I disapprove of what you say, but I will defend to the death your right to
> say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
> "The people's good is the highest law." -- Cicero
> GPG Key fingerprint: D1B3 ADC0 E023 8CA6

--
Ian Cordasco
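
Added example, not part of the original thread and not code from cryptography or Keystone: a sketch of the storage abstraction Boris describes, built outside the library on the existing `Fernet` and `MultiFernet` classes, as Alex suggests is possible. `KeyStorage`, `InMemoryKeyStorage` and `StoredMultiFernet` are hypothetical names; the in-memory backend and its simple rotation policy are constructed stand-ins for a database, Barbican or Custodia.

```python
from abc import ABC, abstractmethod
from typing import List, Optional

from cryptography.fernet import Fernet, MultiFernet


class KeyStorage(ABC):
    """Hypothetical interface: where the keys live is the backend's business."""

    @abstractmethod
    def load_keys(self) -> List[bytes]:
        """Return Fernet keys, primary (encrypting) key first."""


class InMemoryKeyStorage(KeyStorage):
    """Constructed stand-in for a database, Barbican or Custodia backend."""

    def __init__(self, max_keys: int = 3) -> None:
        self._keys = [Fernet.generate_key()]
        self._max_keys = max_keys

    def load_keys(self) -> List[bytes]:
        return list(self._keys)

    def rotate(self) -> None:
        # The new key becomes primary; the oldest keys fall off the end.
        self._keys.insert(0, Fernet.generate_key())
        del self._keys[self._max_keys:]


class StoredMultiFernet:
    """Re-reads the storage on every call, so rotation needs no restart."""

    def __init__(self, storage: KeyStorage) -> None:
        self._storage = storage

    def _fernet(self) -> MultiFernet:
        keys = self._storage.load_keys()
        if not keys:
            raise ValueError("key storage returned no keys")
        # MultiFernet encrypts with the first key and tries each for decrypt.
        return MultiFernet([Fernet(k) for k in keys])

    def encrypt(self, data: bytes) -> bytes:
        return self._fernet().encrypt(data)

    def decrypt(self, token: bytes, ttl: Optional[int] = None) -> bytes:
        # Raises cryptography.fernet.InvalidToken once the key is rotated out.
        return self._fernet().decrypt(token, ttl)
```

Because the wrapper only needs `load_keys()`, the container image stays immutable while the backend rotates keys; tokens stay valid until their key drops out of the stored list.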