You would need to update the KMIPSecretStore or create a new SecretStore to handle this. The logic should be behind the SecretStore abstraction because Barbican only allows one active secret store.
I would think that the configuration file would have a listing of available KMIP server URLs. The URL as to where each key is stored would not be in the DTO but rather in the metadata associated with a secret. The return calls for the generate and store methods would return this metadata. Then all of the other calls would need to parse the metadata to determine where the secret is stored, so it would contact the correct KMIP server. That's how I am envisioning it, but perhaps you have a better design in which case I would vote for that one :) -Nate __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev