[ 
https://issues.apache.org/jira/browse/HDDS-7814?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mikhail Pochatkin updated HDDS-7814:
------------------------------------
    Description: The S3 secrets are currently stored in the RocksDB of the 
Ozone manager nodes. With this approach, it is not possible to separate the 
storage of secrets from nodes with an ozone manager. This is a limitation in 
some environments, for various reasons, such as security issues, so it is 
proposed to add the ability to store secrets separately from the ozone 
managers. One of the options for storing secrets would be to use a third-party 
solution, for example HashiCorp Vault. Therefore, it is proposed to add the 
implementation of the storage of S3 secrets based on a remote HTTP server. It 
is proposed to configure the type of storage using a special property in the 
ozone site. Leave the current RocksDB as the default implementation to maintain 
backwards compatibility.  (was: The S3 secrets are currently stored in the 
RocksDB of the Ozone manager nodes. With this approach, it is not possible to 
separate the storage of secrets from nodes with an ozone manager. This is a 
limitation in some environments, for various reasons, such as security issues, 
so it is proposed to add the ability to store secrets separately from the ozone 
managers. One of the options for storing secrets would be to use a third-party 
solution, an example of HashiСorp Vault . Therefore, it is proposed to add the 
implementation of the storage of c3 secrets based on a remote http server. It 
is proposed to configure the type of storage using a special property in the 
ozone site. Leave the current RocksDB as the default implementation to maintain 
backwards compatibility.)

> Implement remote S3 secret storage
> ----------------------------------
>
>                 Key: HDDS-7814
>                 URL: https://issues.apache.org/jira/browse/HDDS-7814
>             Project: Apache Ozone
>          Issue Type: Improvement
>          Components: S3
>    Affects Versions: 1.4.0
>            Reporter: Mikhail Pochatkin
>            Priority: Major
>
> The S3 secrets are currently stored in the RocksDB of the Ozone manager 
> nodes. With this approach, it is not possible to separate the storage of 
> secrets from nodes with an ozone manager. This is a limitation in some 
> environments, for various reasons, such as security issues, so it is proposed 
> to add the ability to store secrets separately from the ozone managers. One 
> of the options for storing secrets would be to use a third-party solution, 
> for example HashiCorp Vault. Therefore, it is proposed to add the 
> implementation of the storage of S3 secrets based on a remote HTTP server. It 
> is proposed to configure the type of storage using a special property in the 
> ozone site. Leave the current RocksDB as the default implementation to 
> maintain backwards compatibility.


