IMO we need to have the solution within WSO2 products. Like it's talking to OC in the bootup process.
Reason is, when we talk about securevault we need to assume that the evil person has full access to the host VM and containers.

Thanks and regards,

Thilina Piyasundara
Systems Engineer

Blog: thilina.piyasundara.org
Linkedin: linkedin.com/in/thilinapiyasundara

WSO2, Inc. <http://wso2.com/>
lean . enterprise . middleware
https://cloud.wso2.com

On Wed, Mar 30, 2016 at 12:37 PM, Aruna Karunarathna <[email protected]> wrote:

> On Wed, Mar 30, 2016 at 12:26 PM, Afkham Azeez <[email protected]> wrote:
>
>> What if we modify secvault to be able to read the password from an env var?
>
> Env variables for passwords in docker is not a good approach I believe.
>
> Can't we use something like [1], for docker containers?
>
> [1]. https://github.com/ehazlett/docker-volume-libsecret
>
>> On Wed, Mar 30, 2016 at 12:19 PM, Thilina Piyasundara <[email protected]> wrote:
>>
>>> Yes we can't use C4 approach.
>>> We try to do it in docker environments but somehow we need to send the password-tmp in to the docker (via puppet or environment variables).
>>>
>>> If we use docker volumes or if we store the password-tmp in the image there is a possibility that anyone can get that root/main password if they have access to the containers. Isn't it?
>>>
>>> Thanks and regards,
>>>
>>> Thilina Piyasundara
>>>
>>> On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez <[email protected]> wrote:
>>>
>>>> In the container world, the sec vault files will get packed into the containers, and if there are changes to those files, you will need to create a new version of the container image. This is true for the rest of the configuration files as well. This goes with the concept of immutable servers.
>>>>
>>>> Azeez
>>>>
>>>> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma <[email protected]> wrote:
>>>>
>>>>> I believe we cannot apply the same thing we had in C4. We have to think about how we can apply this for containers as well. Let's have a quick chat on this.
>>>>>
>>>>> Thanks,
>>>>> Sameera.
>>>>>
>>>>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda <[email protected]> wrote:
>>>>>
>>>>>> I think we have to target this for Hamming platform? Because we have some configuration files like (*-datasource.xml) with passwords.
>>>>>>
>>>>>> Apart from securing passwords in configuration files, I think we will need secure vault support for runtime as well. In products like GW, ESB and BPS do secure services invocations, (i.e. BasicAuth) and we will need a central place to store encrypted credentials.
>>>>>>
>>>>>> Thanks,
>>>>>> Hasitha.
>>>>>>
>>>>>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez <[email protected]> wrote:
>>>>>>
>>>>>>> Simply porting the existing sec vault to work with C5 should be sufficient.
>>>>>>>
>>>>>>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi team,
>>>>>>>>
>>>>>>>> How are we going to use $Subject in C5? Can we use existing secure vault implementation for this?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Hasitha.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Hasitha Aravinda,
>>>>>>>> Senior Software Engineer,
>>>>>>>> WSO2 Inc.
>>>>>>>> Email: [email protected]
>>>>>>>> Mobile : +94 718 210 200
>>>>>>>
>>>>>>> --
>>>>>>> *Afkham Azeez*
>>>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>>>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>>>>> email: [email protected]
>>>>>>> cell: +94 77 3320919
>>>>>>> blog: http://blog.afkham.org
>>>>>>> twitter: http://twitter.com/afkham_azeez
>>>>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>>>>
>>>>>>> Lean . Enterprise . Middleware
>>>>>
>>>>> --
>>>>> Sameera Jayasoma,
>>>>> Software Architect,
>>>>>
>>>>> WSO2, Inc. (http://wso2.com)
>>>>> email: [email protected]
>>>>> blog: http://blog.sameera.org
>>>>> twitter: https://twitter.com/sameerajayasoma
>>>>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>>>>> Mobile: 0094776364456
>>>>>
>>>>> Lean . Enterprise . Middleware
>
> --
> *Aruna Sujith Karunarathna*
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 71 9040362 | Work: +94 112145345
> Email: [email protected] | Web: www.wso2.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
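An added example, not part of the thread and not WSO2 code, of the two hand-off options debated above: a startup routine that prefers a read-once `password-tmp` file, rejecting it unless it is a regular file owned by the server user with no group/other access, and otherwise falls back to an environment variable. The variable name `SECVAULT_PASSWORD`, the function names and the sample password are hypothetical.

```python
import os
import stat


class SecretSourceError(Exception):
    """Raised when no acceptable password source is found."""


def read_once_file(path):
    """Return the secret stored in `path`, then delete the file."""
    # O_NOFOLLOW: refuse a symlink planted at the expected path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise SecretSourceError("not a regular file")
        if st.st_uid != os.geteuid():
            raise SecretSourceError("not owned by the server user")
        if st.st_mode & 0o077:
            raise SecretSourceError("readable by group or others")
        secret = os.read(fd, 4096).decode("utf-8").rstrip("\r\n")
    finally:
        os.close(fd)
    # Read-once: the file does not outlive startup. A copy baked into an
    # image layer or kept on a shared volume would survive this unlink.
    os.unlink(path)
    return secret


def resolve_password(file_path, env_name="SECVAULT_PASSWORD"):
    """Return (password, source); prefer the read-once file over the env var."""
    if os.path.lexists(file_path):
        return read_once_file(file_path), "file"
    # Hypothetical fallback variable. pop() stops child processes from
    # inheriting it, but the value set at launch stays visible in
    # /proc/<pid>/environ and in `docker inspect` output.
    value = os.environ.pop(env_name, None)
    if value:
        return value, "env"
    raise SecretSourceError("no password source available")


if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "password-tmp")  # constructed sample
    with os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT, 0o600), "w") as fh:
        fh.write("constructed-sample-password\n")
    print(resolve_password(path), os.path.exists(path))
```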
