On Wed, Mar 30, 2016 at 12:26 PM, Afkham Azeez <[email protected]> wrote:
> What if we modify secvault to be able to read the password from an env var?
>

Env variables for passwords in docker is not a good approach I believe.
Can't we use something like [1], for docker containers?

[1]. https://github.com/ehazlett/docker-volume-libsecret

> On Wed, Mar 30, 2016 at 12:19 PM, Thilina Piyasundara <[email protected]>
> wrote:
>
>> Yes we can't use C4 approach.
>> We try to do it in docker environments but somehow we need to send the
>> password-tmp into the docker (via puppet or environment variables).
>>
>> If we use docker volumes or if we store the password-tmp in the image
>> there is a possibility that anyone can get that root/main password if they
>> have access to the containers. Isn't it?
>>
>> Thanks and regards,
>>
>> Thilina Piyasundara
>> Systems Engineer
>>
>> Blog: thilina.piyasundara.org
>> Linkedin: linkedin.com/in/thilinapiyasundara
>>
>> WSO2, Inc.
>> <http://wso2.com/>
>> lean . enterprise . middleware
>> https://cloud.wso2.com
>>
>> On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez <[email protected]> wrote:
>>
>>> In the container world, the sec vault files will get packed into the
>>> containers, and if there are changes to those files, you will need to
>>> create a new version of the container image. This is true for the rest of
>>> the configuration files as well. This goes with the concept of immutable
>>> servers.
>>>
>>> Azeez
>>>
>>> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma <[email protected]>
>>> wrote:
>>>
>>>> I believe we cannot apply the same thing we had in C4. We have to think
>>>> about how we can apply this for containers as well. Let's have a quick chat
>>>> on this.
>>>>
>>>> Thanks,
>>>> Sameera.
>>>>
>>>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda <[email protected]>
>>>> wrote:
>>>>
>>>>> I think we have to target this for Hamming platform? Because we have
>>>>> some configuration files like (*-datasource.xml) with passwords.
>>>>>
>>>>> Apart from securing passwords in configuration files, I think we will
>>>>> need secure vault support for runtime as well. In products like GW, ESB
>>>>> and BPS do secure services invocations, (i.e. BasicAuth) and we will
>>>>> need a central place to store encrypted credentials.
>>>>>
>>>>> Thanks,
>>>>> Hasitha.
>>>>>
>>>>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez <[email protected]> wrote:
>>>>>
>>>>>> Simply porting the existing sec vault to work with C5 should be
>>>>>> sufficient.
>>>>>>
>>>>>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi team,
>>>>>>>
>>>>>>> How are we going to use $Subject in C5? Can we use existing secure
>>>>>>> vault implementation for this?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Hasitha.
>>>>>>>
>>>>>>> --
>>>>>>> Hasitha Aravinda,
>>>>>>> Senior Software Engineer,
>>>>>>> WSO2 Inc.
>>>>>>> Email: [email protected]
>>>>>>> Mobile : +94 718 210 200
>>>>>>
>>>>>> --
>>>>>> Afkham Azeez
>>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>>>> email: [email protected]
>>>>>> cell: +94 77 3320919
>>>>>> blog: http://blog.afkham.org
>>>>>> twitter: http://twitter.com/afkham_azeez
>>>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>>>
>>>>>> Lean . Enterprise . Middleware
>>>>
>>>> --
>>>> Sameera Jayasoma,
>>>> Software Architect,
>>>>
>>>> WSO2, Inc. (http://wso2.com)
>>>> email: [email protected]
>>>> blog: http://blog.sameera.org
>>>> twitter: https://twitter.com/sameerajayasoma
>>>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>>>> Mobile: 0094776364456
>>>>
>>>> Lean . Enterprise . Middleware
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Aruna Sujith Karunarathna
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 71 9040362 | Work: +94 112145345
Email: [email protected] | Web: www.wso2.com
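
The trade-off discussed in this thread, as an added example (not written by any participant and not WSO2 code): a password handed over in a one-shot file is read only after ownership and mode checks and then deleted, while a password placed in an environment variable is inherited by every child process. The file name `password-tmp` comes from the thread; its read-once-then-delete handling, the variable name `VAULT_PASS` and the function names are assumptions.

```python
import os
import stat
import subprocess
import sys
import tempfile


def load_vault_password(path):
    """Read a one-shot secret file after ownership/mode checks, then delete it."""
    # O_NOFOLLOW: refuse a symlink planted where the secret is expected.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # check the opened file, not the path (no TOCTOU)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & 0o077:
            raise PermissionError(f"{path}: accessible to group or others")
        secret = os.read(fd, 4096).decode("utf-8").rstrip("\r\n")
    finally:
        os.close(fd)
    os.unlink(path)  # assumption: password-tmp is read once and removed
    return secret


def child_sees_env(name, value):
    """True if a child process can read `name` when it is set in the environment."""
    probe = f"import os; print(os.environ.get({name!r}, ''))"
    out = subprocess.run([sys.executable, "-c", probe],
                         env=dict(os.environ, **{name: value}),
                         capture_output=True, text=True, check=True)
    return out.stdout.strip() == value


def demo():
    """Constructed sample: write a password-tmp file, load it, compare with env."""
    path = os.path.join(tempfile.mkdtemp(), "password-tmp")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.write(fd, b"constructed-keystore-pass\n")  # constructed value
    os.fchmod(fd, 0o600)  # independent of the caller's umask
    os.close(fd)
    secret = load_vault_password(path)
    # VAULT_PASS is a hypothetical variable name.
    return secret, os.path.exists(path), child_sees_env("VAULT_PASS", secret)


if __name__ == "__main__":
    print(demo())
```

Environment values set on a container also appear in `docker inspect` output, which the child-process check here does not cover.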
