Hi all,

We are trying to add secure-vault implementation to C5. Please find the architecture email with subject [1] to track the discussion. In the meantime I have started evaluating the C4 cipher-tool and securevault implementation and adding the secure-vault support to the C5.

Below are some of the issues that I need to get clarified:

1. I am currently adding the cipher-tool implementation under carbon-tools [2]. This implementation will be maintained under carbon-kernel. As per the C4 implementation, we have added cipher-tool support for use in a non-wso2 environment, where the user needs to provide a separate configuration file with the name "cipher-standalone-config.properties". Is this still required with C5?

2. With C5 we use yaml files to maintain server configuration. If we are to add keystore configuration (e.g. alias, keystore-password, keystore-location etc.) to carbon.yml, we have to update the CarbonConfiguration.java [4] with keystore configuration. Also, to access the carbon configuration via YAMLBasedConfigProvider [5], we may add carbon-core as a dependency to carbon-tool. In order to avoid this for the cipher-tool implementation, I can read carbon.yml to a Map and use only the keystore related configuration which is needed for running cipher-tool. But still, adding new configuration to carbon.yaml will need an update to CarbonConfiguration.java [4]. Any thoughts on this?

3. What is the location to add the secure-vault implementation? Currently I have added this under carbon-core (changes are not committed yet). Shall we maintain it in a separate repo?

4. We refer to a properties file with the name "secret-manager.properties" in SecretManager.java [6] in the secure-vault implementation. This is the first file read for configuration when initializing the secret manager. We save the configuration details in a secret-conf.properties file after running the cipher-tool. But I could not find the above mentioned file in carbon products. Appreciate any help on this.

[1] "Introducing Secure-Vault support to C5"
[2] https://github.com/wso2/carbon-kernel/tree/master/tools
[3] https://github.com/wso2/cipher-tool/blob/master/components/ciphertool/src/main/java/org/wso2/ciphertool/utils/Utils.java#L242
[4] https://github.com/wso2/carbon-kernel/blob/master/core/src/main/java/org/wso2/carbon/kernel/config/model/CarbonConfiguration.java
[5] https://github.com/wso2/carbon-kernel/blob/master/core/src/main/java/org/wso2/carbon/kernel/internal/config/YAMLBasedConfigProvider.java
[6] http://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.0.0/dependencies/securevault/1.0.0-wso2v2/src/main/java/org/wso2/securevault/secret/SecretManager.java

Thanks,
Nipuni

--
Nipuni Perera
Software Engineer; WSO2 Inc.; http://wso2.com
Email: [email protected]
GitHub profile: https://github.com/nipuni
Blog: http://nipunipererablog.blogspot.com/
Mobile: +94 (71) 5626680
