IMO we need to have the solution within WSO2 products. Like it's talking to
OC in the bootup process.

Reason is, when we talk about securevault we need to assume that the evil
person has full access to the host VM and containers.

Thanks and regards,

Thilina Piyasundara
Systems Engineer
Blog: thilina.piyasundara.org
Linkedin: linkedin.com/in/thilinapiyasundara

WSO2, Inc. <http://wso2.com/>
lean . enterprise . middleware
https://cloud.wso2.com

On Wed, Mar 30, 2016 at 12:37 PM, Aruna Karunarathna <ar...@wso2.com> wrote:

>
>
> On Wed, Mar 30, 2016 at 12:26 PM, Afkham Azeez <az...@wso2.com> wrote:
>
>> What if we modify secvault to be able to read the password from an env
>> var?
>>
>>
> Env variables for passwords in Docker are not a good approach, I believe.
>
> Can't we use something like [1], for docker containers?
>
> [1]. https://github.com/ehazlett/docker-volume-libsecret
>
>
>> On Wed, Mar 30, 2016 at 12:19 PM, Thilina Piyasundara <thili...@wso2.com>
>> wrote:
>>
>>> Yes, we can't use the C4 approach.
>>> We try to do it in docker environments but somehow we need to send the
>>> password-tmp into the docker (via puppet or environment variables).
>>>
>>> If we use docker volumes or if we store the password-tmp in the image
>>> there is a possibility that anyone can get that root/main password if they
>>> have access to the containers. Isn't it?
>>>
>>> Thanks and regards,
>>>
>>> Thilina Piyasundara
>>> Systems Engineer
>>> Blog: thilina.piyasundara.org
>>> Linkedin: linkedin.com/in/thilinapiyasundara
>>>
>>> WSO2, Inc. <http://wso2.com/>
>>> lean . enterprise . middleware
>>> https://cloud.wso2.com
>>>
>>> On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez <az...@wso2.com> wrote:
>>>
>>>> In the container world, the sec vault files will get packed into the
>>>> containers, and if there are changes to those files, you will need to
>>>> create a new version of the container image. This is true for the rest of
>>>> the configuration files as well. This goes with the concept of immutable
>>>> servers.
>>>>
>>>> Azeez
>>>>
>>>> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma <same...@wso2.com>
>>>> wrote:
>>>>
>>>>> I believe we cannot apply the same thing we had in C4. We have to
>>>>> think about how we can apply this for containers as well. Let's have a
>>>>> quick chat on this.
>>>>>
>>>>> Thanks,
>>>>> Sameera.
>>>>>
>>>>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda <hasi...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> I think we have to target this for Hamming platform? Because we have
>>>>>> some configuration files like (*-datasource.xml) with passwords.
>>>>>>
>>>>>> Apart from securing passwords in configuration files, I think we will
>>>>>> need secure vault support for runtime as well. In products like GW, ESB
>>>>>> and BPS do secure services invocations, (i.e. BasicAuth) and we will
>>>>>> need a central place to store encrypted credentials.
>>>>>>
>>>>>> Thanks,
>>>>>> Hasitha.
>>>>>>
>>>>>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez <az...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Simply porting the existing sec vault to work with C5 should be
>>>>>>> sufficient.
>>>>>>>
>>>>>>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda <hasi...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi team,
>>>>>>>>
>>>>>>>> How are we going to use $Subject in C5? Can we use the existing secure
>>>>>>>> vault implementation for this?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Hasitha.
>>>>>>>>
>>>>>>>> --
>>>>>>>> --
>>>>>>>> Hasitha Aravinda,
>>>>>>>> Senior Software Engineer,
>>>>>>>> WSO2 Inc.
>>>>>>>> Email: hasi...@wso2.com
>>>>>>>> Mobile : +94 718 210 200
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Afkham Azeez*
>>>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>>>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>>>>> * <http://www.apache.org/>*
>>>>>>> *email: **az...@wso2.com* <az...@wso2.com>
>>>>>>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>>>>>>> *http://blog.afkham.org* <http://blog.afkham.org>
>>>>>>> *twitter: **http://twitter.com/afkham_azeez*
>>>>>>> <http://twitter.com/afkham_azeez>
>>>>>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>>>>>>> <http://lk.linkedin.com/in/afkhamazeez>*
>>>>>>>
>>>>>>> *Lean . Enterprise . Middleware*
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> --
>>>>>> Hasitha Aravinda,
>>>>>> Senior Software Engineer,
>>>>>> WSO2 Inc.
>>>>>> Email: hasi...@wso2.com
>>>>>> Mobile : +94 718 210 200
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Sameera Jayasoma,
>>>>> Software Architect,
>>>>>
>>>>> WSO2, Inc. (http://wso2.com)
>>>>> email: same...@wso2.com
>>>>> blog: http://blog.sameera.org
>>>>> twitter: https://twitter.com/sameerajayasoma
>>>>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>>>>> Mobile: 0094776364456
>>>>>
>>>>> Lean . Enterprise . Middleware
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Afkham Azeez*
>>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>> * <http://www.apache.org/>*
>>>> *email: **az...@wso2.com* <az...@wso2.com>
>>>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>>>> *http://blog.afkham.org* <http://blog.afkham.org>
>>>> *twitter: **http://twitter.com/afkham_azeez*
>>>> <http://twitter.com/afkham_azeez>
>>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>>>> <http://lk.linkedin.com/in/afkhamazeez>*
>>>>
>>>> *Lean . Enterprise . Middleware*
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>
>>
>> --
>> *Afkham Azeez*
>> Director of Architecture; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> * <http://www.apache.org/>*
>> *email: **az...@wso2.com* <az...@wso2.com>
>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>> *http://blog.afkham.org* <http://blog.afkham.org>
>> *twitter: **http://twitter.com/afkham_azeez*
>> <http://twitter.com/afkham_azeez>
>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>> <http://lk.linkedin.com/in/afkhamazeez>*
>>
>> *Lean . Enterprise . Middleware*
>>
>>
>>
>
>
> --
>
> *Aruna Sujith Karunarathna *
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 71 9040362 | Work: +94 112145345
> Email: ar...@wso2.com | Web: www.wso2.com
>
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
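
Added example (not part of the thread and not WSO2 code): a Python sketch comparing the two delivery paths discussed above for the secure vault password, an environment variable and a one-shot password-tmp style file. The variable name SECVAULT_PASSWORD, the function names and the sample secret are assumptions made for illustration.

```python
import os, stat, subprocess, sys, tempfile

ENV_NAME = "SECVAULT_PASSWORD"  # hypothetical name, not a WSO2 setting
SAMPLE = "constructed-secret"   # constructed sample value

def read_once(path):
    """Read a one-shot password file, refusing lax permissions, then delete it."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode) or st.st_mode & 0o077:
        raise PermissionError(f"{path}: must be a regular file, mode 0600 or stricter")
    with open(path, encoding="utf-8") as fh:
        secret = fh.read().rstrip("\n")
    os.remove(path)  # nothing is left on the volume for a later reader
    return secret

def from_env(name=ENV_NAME):
    """Take the value and unset it so processes started later do not inherit it.
    `docker inspect` and the initial /proc/<pid>/environ still show it."""
    return os.environ.pop(name, None)

def child_sees(name=ENV_NAME):
    """Return the value a freshly started child process finds under `name`."""
    code = f"import os; print(os.environ.get({name!r}, ''))"
    done = subprocess.run([sys.executable, "-c", code],
                          capture_output=True, text=True, check=True)
    return done.stdout.strip()

def demo():
    out = {}
    os.environ[ENV_NAME] = SAMPLE
    out["child_before_unset"] = child_sees()   # inherited by every child
    out["env_value"] = from_env()
    out["child_after_unset"] = child_sees()    # gone for later children only
    with tempfile.TemporaryDirectory() as d:
        for fname, mode in (("password-tmp", 0o600), ("lax", 0o644)):
            path = os.path.join(d, fname)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(SAMPLE + "\n")
            os.chmod(path, mode)
            try:
                out[fname] = read_once(path)
            except PermissionError:
                out[fname] = "rejected"        # group/world-readable file refused
        out["file_left_behind"] = os.path.exists(os.path.join(d, "password-tmp"))
    return out

if __name__ == "__main__":
    print(demo())
```

Neither path hides the password from someone who already has root on the host, which is the threat model raised at the top of this message.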
