[
https://issues.apache.org/jira/browse/KNOX-3267?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay updated KNOX-3267:
------------------------------
Description:
To allow for protected credential provisioning, we can add an optional param to
the various token minting APIs to protect the minted tokens within a backend
credential store.
Coupled with a token name, that we can provide to the client, the token can
later be retrieved and used.
In addition, we would be able to also add automatic and transparent rolling and
rotation of the credentials as appropriate for the use case represented by the
topology that is hosting the API.
The backend storage will default to our built-in credential stores but we will
make this pluggable so that we can use: ZooKeeper, HashiCorp Vault, RDBMS or a
credential/key management server.
was:
To allow for protected credential provisioning, we can add an optional param to
the various token minting APIs to protect the minted tokens within a backend
credential store.
Coupled with a token name, that we can provide to the client, the token can
later be retrieved and used.
In addition, we would be able to also add automatic and transparent rolling and
rotation of the credentials as appropriate for the use case represented by the
topology that is hosting the API.
> Add optional credential storing to KNOXTOKEN, CLIENTID and APIKEY Services
> --------------------------------------------------------------------------
>
> Key: KNOX-3267
> URL: https://issues.apache.org/jira/browse/KNOX-3267
> Project: Apache Knox
> Issue Type: Improvement
> Components: JWT
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 3.0.0