Again, I would like to point to the wskdeploy tool (project) in OpenWhisk. Conceptually, we have a Manifest File and Deployment file which, along with the tool, can be used to (at API invocation time) pass deploy-time info. to the tool to perform OBO functions. We could also add the ability to provide metadata that the tool could eventually use (e.g., API keys) to encrypt the data on a per-transactional basis. However, this (transactional crypto.) data would be assumed to be generated specific to the client/user/customer/device by the target Cloud platform and have one-time, time-windowed viability to protect the other data/credentials.

Kind regards,
Matt

From: Dragos Dascalita Haut <[email protected]>
To: "[email protected]" <[email protected]>
Date: 01/19/2017 11:02 AM
Subject: Passing security credentials to actions

I'd like to create an action that communicates with another API. The action needs a client_id, a secret and/or a keyfile, and/or a private key pair. This is a typical scenario to authenticate a service call; there's an example at [1] describing what needs to be done for such a scenario.

Assumptions:
1. we can't store credentials with the code in Git
2. if the action becomes part of a sequence we might not want the other actions in that sequence to have access to these credentials. We might want to restrict the credentials to be visible only to the action that needs them.

There are 2 questions here:
1. How can developers associate such metadata (in the lack of a better term) to the action.
2. How can the action retrieve this metadata.

I'm wondering if there are any thoughts on this already documented or if it's a problem we're yet to solve.

Thanks,
dragos

[1] - https://developers.google.com/identity/protocols/OAuth2ServiceAccount
