Re: [Dev] Secure vault for C5 ?

[Niranjan Karunanandham]

Hi Thilina,

On Wed, Mar 30, 2016 at 12:19 PM, Thilina Piyasundara 
wrote:

> Yes we can't use C4 approach.
> We try to do it in docker environments but somehow we need to send the
> password-tmp in to the dokcer (via puppet or environment variables).
>
> If we us docker volumes or if we store the password-tmp in the image there
> is a possibility that anyone can get that root/main password if they have
> access to the containers. Isn't it ?
>
You can write your own implement for this by writing a new Secret Callback
Handler class as mentioned in [1] [2].


>
> Thanks and regards,
>
> Thilina Piyasundara
> Systems Engineer
> ​
> ​
> Blog: thilina.piyasundara.org
> Linkedin: linkedin.com/in/thilinapiyasundara
>
> WSO2, Inc.
> ​
> ​ 
> lean . enterprise . middleware
> https://cloud.wso2.com
>
> On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez  wrote:
>
>> In the container world, the sec vault files will get packed into the
>> containers, and if there are changes to those files, you will need to
>> create a new version of the container image. This is true for the rest of
>> the configuration files as well. This goes with the concept of immutable
>> servers.
>>
>> Azeez
>>
>> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma 
>> wrote:
>>
>>> I believe we cannot apply the same thing we had in C4. We have to think
>>> about how we can apply this for containers as well. Lets have a quick chat
>>> on this.
>>>
>>> Thanks,
>>> Sameera.
>>>
>>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda 
>>> wrote:
>>>
 I think we have to target this for Hamming platform ? Because we have
 some configuration files like (*-datasource.xml) with passwords.

 Apart from securing passwords in configuration files, I think we will
 need secure vault support for runtime as well. In products like GW, ESB and
 BPS do secure services invocations, (i.e BasicAuth) and we will need a
 central place to store encrypted credentials.

 Thanks,
 Hasitha.

 On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez  wrote:

> Simply porting the existing sec vault to work with C5 should be
> sufficient.
>
> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda 
> wrote:
>
>> Hi team,
>>
>> How are we going to use $Subject in C5. Can we use existing secure
>> vault implementation for this.
>>
>> Thanks,
>> Hasitha.
>>
>> --
>> --
>> Hasitha Aravinda,
>> Senior Software Engineer,
>> WSO2 Inc.
>> Email: hasi...@wso2.com
>> Mobile : +94 718 210 200
>>
>
>
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * *
> *email: **az...@wso2.com* 
> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
> *http://blog.afkham.org* 
> *twitter: **http://twitter.com/afkham_azeez*
> 
> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
> *
>
> *Lean . Enterprise . Middleware*
>



 --
 --
 Hasitha Aravinda,
 Senior Software Engineer,
 WSO2 Inc.
 Email: hasi...@wso2.com
 Mobile : +94 718 210 200

>>>
>>>
>>>
>>> --
>>> Sameera Jayasoma,
>>> Software Architect,
>>>
>>> WSO2, Inc. (http://wso2.com)
>>> email: same...@wso2.com
>>> blog: http://blog.sameera.org
>>> twitter: https://twitter.com/sameerajayasoma
>>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>>> Mobile: 0094776364456
>>>
>>> Lean . Enterprise . Middleware
>>>
>>>
>>
>>
>> --
>> *Afkham Azeez*
>> Director of Architecture; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> * *
>> *email: **az...@wso2.com* 
>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>> *http://blog.afkham.org* 
>> *twitter: **http://twitter.com/afkham_azeez*
>> 
>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>> *
>>
>> *Lean . Enterprise . Middleware*
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
[1] -
https://docs.wso2.com/display/Carbon420/Carbon+Secure+Vault+Implementation#CarbonSecureVaultImplementation-CreatecustomSecureVaultconfiguration
[2] -
http://xacmlinfo.org/2012/08/12/secure-plain-text-passwords-in-wso2-carbon-configuration-files

Regards,
Nira

-- 

*Niranjan Karunanandham*
Senior Software Engineer 

Re: [Dev] Secure vault for C5 ?

[Firzhan Naqash]

We can have kube secret variables to read password [1]

[1] [1] http://kubernetes.io/docs/user-guide/secrets/

Regards,
Firzhan


-- 
*Firzhan Naqash*
Senior Software Engineer - Integration Platform Team
WSO2 Inc. http://wso2.com

email: firz...@wso2.com
mobile: (+94) 77 9785674 <%28%2B94%29%2071%205247551>*|
blog: http://firzhanblogger.blogspot.com/
  *
*twitter: https://twitter.com/firzhan007  |
linked-in: **https://www.linkedin.com/in/firzhan
*

On Thu, Apr 7, 2016 at 11:29 AM, Manuranga Perera  wrote:

>
> On Thu, Apr 7, 2016 at 9:59 PM, Manuranga Perera  wrote:
>
>> be may be bit too complex to implement though
>
>
> It may be bit too complex to implement though
>
>
> --
> With regards,
> *Manu*ranga Perera.
>
> phone : 071 7 70 20 50
> mail : m...@wso2.com
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Secure vault for C5 ?

[Manuranga Perera]

On Thu, Apr 7, 2016 at 9:59 PM, Manuranga Perera  wrote:

> be may be bit too complex to implement though


It may be bit too complex to implement though


-- 
With regards,
*Manu*ranga Perera.

phone : 071 7 70 20 50
mail : m...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Secure vault for C5 ?

[Manuranga Perera]

One improvement we can do is take the decrypting entity out and give it
some rules such as
1) Check requester's network address
2) Check if it has real requirement to scale out, eg: high traffic

(a) container ---{secret}Kb,Ka-rand--> (b) central
decrypting service out side Docker

(a) container <---{secret}Ka-rand---  (b) central
decrypting service out side Docker


I'll be may be bit too complex to implement though


On Wed, Mar 30, 2016 at 12:44 PM, Thilina Piyasundara 
wrote:

> IMO we need to have the solution within WSO2 products. Like its talking to
> OC in the bootup process.
>
> Reason is, when we talk about securevault we need to assume that the evil
> person have full access to the host VM and containers.
>
> Thanks and regards,
>
> Thilina Piyasundara
> Systems Engineer
> ​
> ​
> Blog: thilina.piyasundara.org
> Linkedin: linkedin.com/in/thilinapiyasundara
>
> WSO2, Inc.
> ​
> ​ 
> lean . enterprise . middleware
> https://cloud.wso2.com
>
> On Wed, Mar 30, 2016 at 12:37 PM, Aruna Karunarathna 
> wrote:
>
>>
>>
>> On Wed, Mar 30, 2016 at 12:26 PM, Afkham Azeez  wrote:
>>
>>> What if we modify secvault to be able to read the password from an env
>>> var?
>>>
>>>
>> Env variables for passwords in docker is not a good approach I believe.
>>
>> Can't we use something like [1], for docker containers?
>>
>> [1]. https://github.com/ehazlett/docker-volume-libsecret
>>
>>
>>> On Wed, Mar 30, 2016 at 12:19 PM, Thilina Piyasundara >> > wrote:
>>>
 Yes we can't use C4 approach.
 We try to do it in docker environments but somehow we need to send the
 password-tmp in to the dokcer (via puppet or environment variables).

 If we us docker volumes or if we store the password-tmp in the image
 there is a possibility that anyone can get that root/main password if they
 have access to the containers. Isn't it ?

 Thanks and regards,

 Thilina Piyasundara
 Systems Engineer
 ​
 ​
 Blog: thilina.piyasundara.org
 Linkedin: linkedin.com/in/thilinapiyasundara

 WSO2, Inc.
 ​
 ​ 
 lean . enterprise . middleware
 https://cloud.wso2.com

 On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez  wrote:

> In the container world, the sec vault files will get packed into the
> containers, and if there are changes to those files, you will need to
> create a new version of the container image. This is true for the rest of
> the configuration files as well. This goes with the concept of immutable
> servers.
>
> Azeez
>
> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma 
> wrote:
>
>> I believe we cannot apply the same thing we had in C4. We have to
>> think about how we can apply this for containers as well. Lets have a 
>> quick
>> chat on this.
>>
>> Thanks,
>> Sameera.
>>
>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda 
>> wrote:
>>
>>> I think we have to target this for Hamming platform ? Because we
>>> have some configuration files like (*-datasource.xml) with passwords.
>>>
>>> Apart from securing passwords in configuration files, I think we
>>> will need secure vault support for runtime as well. In products like GW,
>>> ESB and BPS do secure services invocations, (i.e BasicAuth) and we will
>>> need a central place to store encrypted credentials.
>>>
>>> Thanks,
>>> Hasitha.
>>>
>>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez 
>>> wrote:
>>>
 Simply porting the existing sec vault to work with C5 should be
 sufficient.

 On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda <
 hasi...@wso2.com> wrote:

> Hi team,
>
> How are we going to use $Subject in C5. Can we use existing secure
> vault implementation for this.
>
> Thanks,
> Hasitha.
>
> --
> --
> Hasitha Aravinda,
> Senior Software Engineer,
> WSO2 Inc.
> Email: hasi...@wso2.com
> Mobile : +94 718 210 200
>



 --
 *Afkham Azeez*
 Director of Architecture; WSO2, Inc.; http://wso2.com
 Member; Apache Software Foundation; http://www.apache.org/
 * *
 *email: **az...@wso2.com* 
 * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
 *http://blog.afkham.org* 
 *twitter: **http://twitter.com/afkham_azeez*
 
 *linked-in: **http://lk.linkedin.com/in/afkhamazeez
 *

 *Lean . Enterprise . 

Re: [Dev] Secure vault for C5 ?

[Thilina Piyasundara]

IMO we need to have the solution within WSO2 products. Like its talking to
OC in the bootup process.

Reason is, when we talk about securevault we need to assume that the evil
person have full access to the host VM and containers.

Thanks and regards,

Thilina Piyasundara
Systems Engineer
​
​
Blog: thilina.piyasundara.org
Linkedin: linkedin.com/in/thilinapiyasundara

WSO2, Inc.
​
​ 
lean . enterprise . middleware
https://cloud.wso2.com

On Wed, Mar 30, 2016 at 12:37 PM, Aruna Karunarathna  wrote:

>
>
> On Wed, Mar 30, 2016 at 12:26 PM, Afkham Azeez  wrote:
>
>> What if we modify secvault to be able to read the password from an env
>> var?
>>
>>
> Env variables for passwords in docker is not a good approach I believe.
>
> Can't we use something like [1], for docker containers?
>
> [1]. https://github.com/ehazlett/docker-volume-libsecret
>
>
>> On Wed, Mar 30, 2016 at 12:19 PM, Thilina Piyasundara 
>> wrote:
>>
>>> Yes we can't use C4 approach.
>>> We try to do it in docker environments but somehow we need to send the
>>> password-tmp in to the dokcer (via puppet or environment variables).
>>>
>>> If we us docker volumes or if we store the password-tmp in the image
>>> there is a possibility that anyone can get that root/main password if they
>>> have access to the containers. Isn't it ?
>>>
>>> Thanks and regards,
>>>
>>> Thilina Piyasundara
>>> Systems Engineer
>>> ​
>>> ​
>>> Blog: thilina.piyasundara.org
>>> Linkedin: linkedin.com/in/thilinapiyasundara
>>>
>>> WSO2, Inc.
>>> ​
>>> ​ 
>>> lean . enterprise . middleware
>>> https://cloud.wso2.com
>>>
>>> On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez  wrote:
>>>
 In the container world, the sec vault files will get packed into the
 containers, and if there are changes to those files, you will need to
 create a new version of the container image. This is true for the rest of
 the configuration files as well. This goes with the concept of immutable
 servers.

 Azeez

 On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma 
 wrote:

> I believe we cannot apply the same thing we had in C4. We have to
> think about how we can apply this for containers as well. Lets have a 
> quick
> chat on this.
>
> Thanks,
> Sameera.
>
> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda 
> wrote:
>
>> I think we have to target this for Hamming platform ? Because we have
>> some configuration files like (*-datasource.xml) with passwords.
>>
>> Apart from securing passwords in configuration files, I think we will
>> need secure vault support for runtime as well. In products like GW, ESB 
>> and
>> BPS do secure services invocations, (i.e BasicAuth) and we will need a
>> central place to store encrypted credentials.
>>
>> Thanks,
>> Hasitha.
>>
>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez 
>> wrote:
>>
>>> Simply porting the existing sec vault to work with C5 should be
>>> sufficient.
>>>
>>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda >> > wrote:
>>>
 Hi team,

 How are we going to use $Subject in C5. Can we use existing secure
 vault implementation for this.

 Thanks,
 Hasitha.

 --
 --
 Hasitha Aravinda,
 Senior Software Engineer,
 WSO2 Inc.
 Email: hasi...@wso2.com
 Mobile : +94 718 210 200

>>>
>>>
>>>
>>> --
>>> *Afkham Azeez*
>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>> Member; Apache Software Foundation; http://www.apache.org/
>>> * *
>>> *email: **az...@wso2.com* 
>>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>>> *http://blog.afkham.org* 
>>> *twitter: **http://twitter.com/afkham_azeez*
>>> 
>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>>> *
>>>
>>> *Lean . Enterprise . Middleware*
>>>
>>
>>
>>
>> --
>> --
>> Hasitha Aravinda,
>> Senior Software Engineer,
>> WSO2 Inc.
>> Email: hasi...@wso2.com
>> Mobile : +94 718 210 200
>>
>
>
>
> --
> Sameera Jayasoma,
> Software Architect,
>
> WSO2, Inc. (http://wso2.com)
> email: same...@wso2.com
> blog: http://blog.sameera.org
> twitter: https://twitter.com/sameerajayasoma
> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
> Mobile: 0094776364456
>
> Lean . Enterprise . Middleware
>
>


 --
 *Afkham Azeez*
 Director of Architecture; WSO2, Inc.; http://wso2.com
 

Re: [Dev] Secure vault for C5 ?

[Aruna Karunarathna]

On Wed, Mar 30, 2016 at 12:26 PM, Afkham Azeez  wrote:

> What if we modify secvault to be able to read the password from an env var?
>
>
Env variables for passwords in docker is not a good approach I believe.

Can't we use something like [1], for docker containers?

[1]. https://github.com/ehazlett/docker-volume-libsecret


> On Wed, Mar 30, 2016 at 12:19 PM, Thilina Piyasundara 
> wrote:
>
>> Yes we can't use C4 approach.
>> We try to do it in docker environments but somehow we need to send the
>> password-tmp in to the dokcer (via puppet or environment variables).
>>
>> If we us docker volumes or if we store the password-tmp in the image
>> there is a possibility that anyone can get that root/main password if they
>> have access to the containers. Isn't it ?
>>
>> Thanks and regards,
>>
>> Thilina Piyasundara
>> Systems Engineer
>> ​
>> ​
>> Blog: thilina.piyasundara.org
>> Linkedin: linkedin.com/in/thilinapiyasundara
>>
>> WSO2, Inc.
>> ​
>> ​ 
>> lean . enterprise . middleware
>> https://cloud.wso2.com
>>
>> On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez  wrote:
>>
>>> In the container world, the sec vault files will get packed into the
>>> containers, and if there are changes to those files, you will need to
>>> create a new version of the container image. This is true for the rest of
>>> the configuration files as well. This goes with the concept of immutable
>>> servers.
>>>
>>> Azeez
>>>
>>> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma 
>>> wrote:
>>>
 I believe we cannot apply the same thing we had in C4. We have to think
 about how we can apply this for containers as well. Lets have a quick chat
 on this.

 Thanks,
 Sameera.

 On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda 
 wrote:

> I think we have to target this for Hamming platform ? Because we have
> some configuration files like (*-datasource.xml) with passwords.
>
> Apart from securing passwords in configuration files, I think we will
> need secure vault support for runtime as well. In products like GW, ESB 
> and
> BPS do secure services invocations, (i.e BasicAuth) and we will need a
> central place to store encrypted credentials.
>
> Thanks,
> Hasitha.
>
> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez  wrote:
>
>> Simply porting the existing sec vault to work with C5 should be
>> sufficient.
>>
>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda 
>> wrote:
>>
>>> Hi team,
>>>
>>> How are we going to use $Subject in C5. Can we use existing secure
>>> vault implementation for this.
>>>
>>> Thanks,
>>> Hasitha.
>>>
>>> --
>>> --
>>> Hasitha Aravinda,
>>> Senior Software Engineer,
>>> WSO2 Inc.
>>> Email: hasi...@wso2.com
>>> Mobile : +94 718 210 200
>>>
>>
>>
>>
>> --
>> *Afkham Azeez*
>> Director of Architecture; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> * *
>> *email: **az...@wso2.com* 
>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>> *http://blog.afkham.org* 
>> *twitter: **http://twitter.com/afkham_azeez*
>> 
>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>> *
>>
>> *Lean . Enterprise . Middleware*
>>
>
>
>
> --
> --
> Hasitha Aravinda,
> Senior Software Engineer,
> WSO2 Inc.
> Email: hasi...@wso2.com
> Mobile : +94 718 210 200
>



 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com)
 email: same...@wso2.com
 blog: http://blog.sameera.org
 twitter: https://twitter.com/sameerajayasoma
 flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
 Mobile: 0094776364456

 Lean . Enterprise . Middleware


>>>
>>>
>>> --
>>> *Afkham Azeez*
>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>> Member; Apache Software Foundation; http://www.apache.org/
>>> * *
>>> *email: **az...@wso2.com* 
>>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>>> *http://blog.afkham.org* 
>>> *twitter: **http://twitter.com/afkham_azeez*
>>> 
>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>>> *
>>>
>>> *Lean . Enterprise . Middleware*
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com

Re: [Dev] Secure vault for C5 ?

[Afkham Azeez]

What if we modify secvault to be able to read the password from an env var?

On Wed, Mar 30, 2016 at 12:19 PM, Thilina Piyasundara 
wrote:

> Yes we can't use C4 approach.
> We try to do it in docker environments but somehow we need to send the
> password-tmp in to the dokcer (via puppet or environment variables).
>
> If we us docker volumes or if we store the password-tmp in the image there
> is a possibility that anyone can get that root/main password if they have
> access to the containers. Isn't it ?
>
> Thanks and regards,
>
> Thilina Piyasundara
> Systems Engineer
> ​
> ​
> Blog: thilina.piyasundara.org
> Linkedin: linkedin.com/in/thilinapiyasundara
>
> WSO2, Inc.
> ​
> ​ 
> lean . enterprise . middleware
> https://cloud.wso2.com
>
> On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez  wrote:
>
>> In the container world, the sec vault files will get packed into the
>> containers, and if there are changes to those files, you will need to
>> create a new version of the container image. This is true for the rest of
>> the configuration files as well. This goes with the concept of immutable
>> servers.
>>
>> Azeez
>>
>> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma 
>> wrote:
>>
>>> I believe we cannot apply the same thing we had in C4. We have to think
>>> about how we can apply this for containers as well. Lets have a quick chat
>>> on this.
>>>
>>> Thanks,
>>> Sameera.
>>>
>>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda 
>>> wrote:
>>>
 I think we have to target this for Hamming platform ? Because we have
 some configuration files like (*-datasource.xml) with passwords.

 Apart from securing passwords in configuration files, I think we will
 need secure vault support for runtime as well. In products like GW, ESB and
 BPS do secure services invocations, (i.e BasicAuth) and we will need a
 central place to store encrypted credentials.

 Thanks,
 Hasitha.

 On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez  wrote:

> Simply porting the existing sec vault to work with C5 should be
> sufficient.
>
> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda 
> wrote:
>
>> Hi team,
>>
>> How are we going to use $Subject in C5. Can we use existing secure
>> vault implementation for this.
>>
>> Thanks,
>> Hasitha.
>>
>> --
>> --
>> Hasitha Aravinda,
>> Senior Software Engineer,
>> WSO2 Inc.
>> Email: hasi...@wso2.com
>> Mobile : +94 718 210 200
>>
>
>
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * *
> *email: **az...@wso2.com* 
> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
> *http://blog.afkham.org* 
> *twitter: **http://twitter.com/afkham_azeez*
> 
> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
> *
>
> *Lean . Enterprise . Middleware*
>



 --
 --
 Hasitha Aravinda,
 Senior Software Engineer,
 WSO2 Inc.
 Email: hasi...@wso2.com
 Mobile : +94 718 210 200

>>>
>>>
>>>
>>> --
>>> Sameera Jayasoma,
>>> Software Architect,
>>>
>>> WSO2, Inc. (http://wso2.com)
>>> email: same...@wso2.com
>>> blog: http://blog.sameera.org
>>> twitter: https://twitter.com/sameerajayasoma
>>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>>> Mobile: 0094776364456
>>>
>>> Lean . Enterprise . Middleware
>>>
>>>
>>
>>
>> --
>> *Afkham Azeez*
>> Director of Architecture; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> * *
>> *email: **az...@wso2.com* 
>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>> *http://blog.afkham.org* 
>> *twitter: **http://twitter.com/afkham_azeez*
>> 
>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>> *
>>
>> *Lean . Enterprise . Middleware*
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>


-- 
*Afkham Azeez*
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
* *
*email: **az...@wso2.com* 
* cell: +94 77 3320919blog: **http://blog.afkham.org*

*twitter: **http://twitter.com/afkham_azeez*

*linked-in: **http://lk.linkedin.com/in/afkhamazeez
*

*Lean . Enterprise . Middleware*

Re: [Dev] Secure vault for C5 ?

[Thilina Piyasundara]

So if the password is in env anyone having access to container also can get
that isn't it?

Thanks and regards,

Thilina Piyasundara
Systems Engineer
​
​
Blog: thilina.piyasundara.org
Linkedin: linkedin.com/in/thilinapiyasundara

WSO2, Inc.
​
​ 
lean . enterprise . middleware
https://cloud.wso2.com

On Wed, Mar 30, 2016 at 12:19 PM, Afkham Azeez  wrote:

> It can be passed in as an env variable when starting the container
>
> On Wed, Mar 30, 2016 at 12:16 PM, Hasitha Aravinda 
> wrote:
>
>> One limitation we had in C4 based secure vault is once enabled we have to
>> provide the keystore password at every server start. I think we have to
>> look how we can overcome this limitation in container world.
>>
>> Thanks,
>> Hasitha.
>>
>> On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez  wrote:
>>
>>> In the container world, the sec vault files will get packed into the
>>> containers, and if there are changes to those files, you will need to
>>> create a new version of the container image. This is true for the rest of
>>> the configuration files as well. This goes with the concept of immutable
>>> servers.
>>>
>>> Azeez
>>>
>>> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma 
>>> wrote:
>>>
 I believe we cannot apply the same thing we had in C4. We have to think
 about how we can apply this for containers as well. Lets have a quick chat
 on this.

 Thanks,
 Sameera.

 On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda 
 wrote:

> I think we have to target this for Hamming platform ? Because we have
> some configuration files like (*-datasource.xml) with passwords.
>
> Apart from securing passwords in configuration files, I think we will
> need secure vault support for runtime as well. In products like GW, ESB 
> and
> BPS do secure services invocations, (i.e BasicAuth) and we will need a
> central place to store encrypted credentials.
>
> Thanks,
> Hasitha.
>
> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez  wrote:
>
>> Simply porting the existing sec vault to work with C5 should be
>> sufficient.
>>
>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda 
>> wrote:
>>
>>> Hi team,
>>>
>>> How are we going to use $Subject in C5. Can we use existing secure
>>> vault implementation for this.
>>>
>>> Thanks,
>>> Hasitha.
>>>
>>> --
>>> --
>>> Hasitha Aravinda,
>>> Senior Software Engineer,
>>> WSO2 Inc.
>>> Email: hasi...@wso2.com
>>> Mobile : +94 718 210 200
>>>
>>
>>
>>
>> --
>> *Afkham Azeez*
>> Director of Architecture; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> * *
>> *email: **az...@wso2.com* 
>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>> *http://blog.afkham.org* 
>> *twitter: **http://twitter.com/afkham_azeez*
>> 
>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>> *
>>
>> *Lean . Enterprise . Middleware*
>>
>
>
>
> --
> --
> Hasitha Aravinda,
> Senior Software Engineer,
> WSO2 Inc.
> Email: hasi...@wso2.com
> Mobile : +94 718 210 200
>



 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com)
 email: same...@wso2.com
 blog: http://blog.sameera.org
 twitter: https://twitter.com/sameerajayasoma
 flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
 Mobile: 0094776364456

 Lean . Enterprise . Middleware


>>>
>>>
>>> --
>>> *Afkham Azeez*
>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>> Member; Apache Software Foundation; http://www.apache.org/
>>> * *
>>> *email: **az...@wso2.com* 
>>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>>> *http://blog.afkham.org* 
>>> *twitter: **http://twitter.com/afkham_azeez*
>>> 
>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>>> *
>>>
>>> *Lean . Enterprise . Middleware*
>>>
>>
>>
>>
>> --
>> --
>> Hasitha Aravinda,
>> Senior Software Engineer,
>> WSO2 Inc.
>> Email: hasi...@wso2.com
>> Mobile : +94 718 210 200
>>
>
>
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * *
> *email: **az...@wso2.com* 
> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
> *http://blog.afkham.org* 
> *twitter: **http://twitter.com/afkham_azeez*
> 

Re: [Dev] Secure vault for C5 ?

[Thilina Piyasundara]

Yes we can't use C4 approach.
We try to do it in docker environments but somehow we need to send the
password-tmp in to the dokcer (via puppet or environment variables).

If we us docker volumes or if we store the password-tmp in the image there
is a possibility that anyone can get that root/main password if they have
access to the containers. Isn't it ?

Thanks and regards,

Thilina Piyasundara
Systems Engineer
​
​
Blog: thilina.piyasundara.org
Linkedin: linkedin.com/in/thilinapiyasundara

WSO2, Inc.
​
​ 
lean . enterprise . middleware
https://cloud.wso2.com

On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez  wrote:

> In the container world, the sec vault files will get packed into the
> containers, and if there are changes to those files, you will need to
> create a new version of the container image. This is true for the rest of
> the configuration files as well. This goes with the concept of immutable
> servers.
>
> Azeez
>
> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma 
> wrote:
>
>> I believe we cannot apply the same thing we had in C4. We have to think
>> about how we can apply this for containers as well. Lets have a quick chat
>> on this.
>>
>> Thanks,
>> Sameera.
>>
>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda 
>> wrote:
>>
>>> I think we have to target this for Hamming platform ? Because we have
>>> some configuration files like (*-datasource.xml) with passwords.
>>>
>>> Apart from securing passwords in configuration files, I think we will
>>> need secure vault support for runtime as well. In products like GW, ESB and
>>> BPS do secure services invocations, (i.e BasicAuth) and we will need a
>>> central place to store encrypted credentials.
>>>
>>> Thanks,
>>> Hasitha.
>>>
>>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez  wrote:
>>>
 Simply porting the existing sec vault to work with C5 should be
 sufficient.

 On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda 
 wrote:

> Hi team,
>
> How are we going to use $Subject in C5. Can we use existing secure
> vault implementation for this.
>
> Thanks,
> Hasitha.
>
> --
> --
> Hasitha Aravinda,
> Senior Software Engineer,
> WSO2 Inc.
> Email: hasi...@wso2.com
> Mobile : +94 718 210 200
>



 --
 *Afkham Azeez*
 Director of Architecture; WSO2, Inc.; http://wso2.com
 Member; Apache Software Foundation; http://www.apache.org/
 * *
 *email: **az...@wso2.com* 
 * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
 *http://blog.afkham.org* 
 *twitter: **http://twitter.com/afkham_azeez*
 
 *linked-in: **http://lk.linkedin.com/in/afkhamazeez
 *

 *Lean . Enterprise . Middleware*

>>>
>>>
>>>
>>> --
>>> --
>>> Hasitha Aravinda,
>>> Senior Software Engineer,
>>> WSO2 Inc.
>>> Email: hasi...@wso2.com
>>> Mobile : +94 718 210 200
>>>
>>
>>
>>
>> --
>> Sameera Jayasoma,
>> Software Architect,
>>
>> WSO2, Inc. (http://wso2.com)
>> email: same...@wso2.com
>> blog: http://blog.sameera.org
>> twitter: https://twitter.com/sameerajayasoma
>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>> Mobile: 0094776364456
>>
>> Lean . Enterprise . Middleware
>>
>>
>
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * *
> *email: **az...@wso2.com* 
> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
> *http://blog.afkham.org* 
> *twitter: **http://twitter.com/afkham_azeez*
> 
> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
> *
>
> *Lean . Enterprise . Middleware*
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Secure vault for C5 ?

[Afkham Azeez]

It can be passed in as an env variable when starting the container

On Wed, Mar 30, 2016 at 12:16 PM, Hasitha Aravinda  wrote:

> One limitation we had in C4 based secure vault is once enabled we have to
> provide the keystore password at every server start. I think we have to
> look how we can overcome this limitation in container world.
>
> Thanks,
> Hasitha.
>
> On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez  wrote:
>
>> In the container world, the sec vault files will get packed into the
>> containers, and if there are changes to those files, you will need to
>> create a new version of the container image. This is true for the rest of
>> the configuration files as well. This goes with the concept of immutable
>> servers.
>>
>> Azeez
>>
>> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma 
>> wrote:
>>
>>> I believe we cannot apply the same thing we had in C4. We have to think
>>> about how we can apply this for containers as well. Lets have a quick chat
>>> on this.
>>>
>>> Thanks,
>>> Sameera.
>>>
>>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda 
>>> wrote:
>>>
 I think we have to target this for Hamming platform ? Because we have
 some configuration files like (*-datasource.xml) with passwords.

 Apart from securing passwords in configuration files, I think we will
 need secure vault support for runtime as well. In products like GW, ESB and
 BPS do secure services invocations, (i.e BasicAuth) and we will need a
 central place to store encrypted credentials.

 Thanks,
 Hasitha.

 On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez  wrote:

> Simply porting the existing sec vault to work with C5 should be
> sufficient.
>
> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda 
> wrote:
>
>> Hi team,
>>
>> How are we going to use $Subject in C5. Can we use existing secure
>> vault implementation for this.
>>
>> Thanks,
>> Hasitha.
>>
>> --
>> --
>> Hasitha Aravinda,
>> Senior Software Engineer,
>> WSO2 Inc.
>> Email: hasi...@wso2.com
>> Mobile : +94 718 210 200
>>
>
>
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * *
> *email: **az...@wso2.com* 
> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
> *http://blog.afkham.org* 
> *twitter: **http://twitter.com/afkham_azeez*
> 
> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
> *
>
> *Lean . Enterprise . Middleware*
>



 --
 --
 Hasitha Aravinda,
 Senior Software Engineer,
 WSO2 Inc.
 Email: hasi...@wso2.com
 Mobile : +94 718 210 200

>>>
>>>
>>>
>>> --
>>> Sameera Jayasoma,
>>> Software Architect,
>>>
>>> WSO2, Inc. (http://wso2.com)
>>> email: same...@wso2.com
>>> blog: http://blog.sameera.org
>>> twitter: https://twitter.com/sameerajayasoma
>>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>>> Mobile: 0094776364456
>>>
>>> Lean . Enterprise . Middleware
>>>
>>>
>>
>>
>> --
>> *Afkham Azeez*
>> Director of Architecture; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> * *
>> *email: **az...@wso2.com* 
>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>> *http://blog.afkham.org* 
>> *twitter: **http://twitter.com/afkham_azeez*
>> 
>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>> *
>>
>> *Lean . Enterprise . Middleware*
>>
>
>
>
> --
> --
> Hasitha Aravinda,
> Senior Software Engineer,
> WSO2 Inc.
> Email: hasi...@wso2.com
> Mobile : +94 718 210 200
>



-- 
*Afkham Azeez*
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
* *
*email: **az...@wso2.com* 
* cell: +94 77 3320919blog: **http://blog.afkham.org*

*twitter: **http://twitter.com/afkham_azeez*

*linked-in: **http://lk.linkedin.com/in/afkhamazeez
*

*Lean . Enterprise . Middleware*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Secure vault for C5 ?

[Hasitha Aravinda]

One limitation we had in C4 based secure vault is once enabled we have to
provide the keystore password at every server start. I think we have to
look how we can overcome this limitation in container world.

Thanks,
Hasitha.

On Wed, Mar 30, 2016 at 12:12 PM, Afkham Azeez  wrote:

> In the container world, the sec vault files will get packed into the
> containers, and if there are changes to those files, you will need to
> create a new version of the container image. This is true for the rest of
> the configuration files as well. This goes with the concept of immutable
> servers.
>
> Azeez
>
> On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma 
> wrote:
>
>> I believe we cannot apply the same thing we had in C4. We have to think
>> about how we can apply this for containers as well. Lets have a quick chat
>> on this.
>>
>> Thanks,
>> Sameera.
>>
>> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda 
>> wrote:
>>
>>> I think we have to target this for Hamming platform ? Because we have
>>> some configuration files like (*-datasource.xml) with passwords.
>>>
>>> Apart from securing passwords in configuration files, I think we will
>>> need secure vault support for runtime as well. In products like GW, ESB and
>>> BPS do secure services invocations, (i.e BasicAuth) and we will need a
>>> central place to store encrypted credentials.
>>>
>>> Thanks,
>>> Hasitha.
>>>
>>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez  wrote:
>>>
 Simply porting the existing sec vault to work with C5 should be
 sufficient.

 On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda 
 wrote:

> Hi team,
>
> How are we going to use $Subject in C5. Can we use existing secure
> vault implementation for this.
>
> Thanks,
> Hasitha.
>
> --
> --
> Hasitha Aravinda,
> Senior Software Engineer,
> WSO2 Inc.
> Email: hasi...@wso2.com
> Mobile : +94 718 210 200
>



 --
 *Afkham Azeez*
 Director of Architecture; WSO2, Inc.; http://wso2.com
 Member; Apache Software Foundation; http://www.apache.org/
 * *
 *email: **az...@wso2.com* 
 * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
 *http://blog.afkham.org* 
 *twitter: **http://twitter.com/afkham_azeez*
 
 *linked-in: **http://lk.linkedin.com/in/afkhamazeez
 *

 *Lean . Enterprise . Middleware*

>>>
>>>
>>>
>>> --
>>> --
>>> Hasitha Aravinda,
>>> Senior Software Engineer,
>>> WSO2 Inc.
>>> Email: hasi...@wso2.com
>>> Mobile : +94 718 210 200
>>>
>>
>>
>>
>> --
>> Sameera Jayasoma,
>> Software Architect,
>>
>> WSO2, Inc. (http://wso2.com)
>> email: same...@wso2.com
>> blog: http://blog.sameera.org
>> twitter: https://twitter.com/sameerajayasoma
>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>> Mobile: 0094776364456
>>
>> Lean . Enterprise . Middleware
>>
>>
>
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * *
> *email: **az...@wso2.com* 
> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
> *http://blog.afkham.org* 
> *twitter: **http://twitter.com/afkham_azeez*
> 
> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
> *
>
> *Lean . Enterprise . Middleware*
>



-- 
--
Hasitha Aravinda,
Senior Software Engineer,
WSO2 Inc.
Email: hasi...@wso2.com
Mobile : +94 718 210 200
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Secure vault for C5 ?

[Afkham Azeez]

In the container world, the sec vault files will get packed into the
containers, and if there are changes to those files, you will need to
create a new version of the container image. This is true for the rest of
the configuration files as well. This goes with the concept of immutable
servers.

Azeez

On Wed, Mar 30, 2016 at 11:54 AM, Sameera Jayasoma  wrote:

> I believe we cannot apply the same thing we had in C4. We have to think
> about how we can apply this for containers as well. Lets have a quick chat
> on this.
>
> Thanks,
> Sameera.
>
> On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda 
> wrote:
>
>> I think we have to target this for Hamming platform ? Because we have
>> some configuration files like (*-datasource.xml) with passwords.
>>
>> Apart from securing passwords in configuration files, I think we will
>> need secure vault support for runtime as well. In products like GW, ESB and
>> BPS do secure services invocations, (i.e BasicAuth) and we will need a
>> central place to store encrypted credentials.
>>
>> Thanks,
>> Hasitha.
>>
>> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez  wrote:
>>
>>> Simply porting the existing sec vault to work with C5 should be
>>> sufficient.
>>>
>>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda 
>>> wrote:
>>>
 Hi team,

 How are we going to use $Subject in C5. Can we use existing secure
 vault implementation for this.

 Thanks,
 Hasitha.

 --
 --
 Hasitha Aravinda,
 Senior Software Engineer,
 WSO2 Inc.
 Email: hasi...@wso2.com
 Mobile : +94 718 210 200

>>>
>>>
>>>
>>> --
>>> *Afkham Azeez*
>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>> Member; Apache Software Foundation; http://www.apache.org/
>>> * *
>>> *email: **az...@wso2.com* 
>>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>>> *http://blog.afkham.org* 
>>> *twitter: **http://twitter.com/afkham_azeez*
>>> 
>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>>> *
>>>
>>> *Lean . Enterprise . Middleware*
>>>
>>
>>
>>
>> --
>> --
>> Hasitha Aravinda,
>> Senior Software Engineer,
>> WSO2 Inc.
>> Email: hasi...@wso2.com
>> Mobile : +94 718 210 200
>>
>
>
>
> --
> Sameera Jayasoma,
> Software Architect,
>
> WSO2, Inc. (http://wso2.com)
> email: same...@wso2.com
> blog: http://blog.sameera.org
> twitter: https://twitter.com/sameerajayasoma
> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
> Mobile: 0094776364456
>
> Lean . Enterprise . Middleware
>
>


-- 
*Afkham Azeez*
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
* *
*email: **az...@wso2.com* 
* cell: +94 77 3320919blog: **http://blog.afkham.org*

*twitter: **http://twitter.com/afkham_azeez*

*linked-in: **http://lk.linkedin.com/in/afkhamazeez
*

*Lean . Enterprise . Middleware*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Secure vault for C5 ?

[Sameera Jayasoma]

I believe we cannot apply the same thing we had in C4. We have to think
about how we can apply this for containers as well. Lets have a quick chat
on this.

Thanks,
Sameera.

On Wed, Mar 30, 2016 at 11:51 AM, Hasitha Aravinda  wrote:

> I think we have to target this for Hamming platform ? Because we have some
> configuration files like (*-datasource.xml) with passwords.
>
> Apart from securing passwords in configuration files, I think we will need
> secure vault support for runtime as well. In products like GW, ESB and BPS
> do secure services invocations, (i.e BasicAuth) and we will need a central
> place to store encrypted credentials.
>
> Thanks,
> Hasitha.
>
> On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez  wrote:
>
>> Simply porting the existing sec vault to work with C5 should be
>> sufficient.
>>
>> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda 
>> wrote:
>>
>>> Hi team,
>>>
>>> How are we going to use $Subject in C5. Can we use existing secure vault
>>> implementation for this.
>>>
>>> Thanks,
>>> Hasitha.
>>>
>>> --
>>> --
>>> Hasitha Aravinda,
>>> Senior Software Engineer,
>>> WSO2 Inc.
>>> Email: hasi...@wso2.com
>>> Mobile : +94 718 210 200
>>>
>>
>>
>>
>> --
>> *Afkham Azeez*
>> Director of Architecture; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> * *
>> *email: **az...@wso2.com* 
>> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
>> *http://blog.afkham.org* 
>> *twitter: **http://twitter.com/afkham_azeez*
>> 
>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>> *
>>
>> *Lean . Enterprise . Middleware*
>>
>
>
>
> --
> --
> Hasitha Aravinda,
> Senior Software Engineer,
> WSO2 Inc.
> Email: hasi...@wso2.com
> Mobile : +94 718 210 200
>



-- 
Sameera Jayasoma,
Software Architect,

WSO2, Inc. (http://wso2.com)
email: same...@wso2.com
blog: http://blog.sameera.org
twitter: https://twitter.com/sameerajayasoma
flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
Mobile: 0094776364456

Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Secure vault for C5 ?

[Hasitha Aravinda]

I think we have to target this for Hamming platform ? Because we have some
configuration files like (*-datasource.xml) with passwords.

Apart from securing passwords in configuration files, I think we will need
secure vault support for runtime as well. In products like GW, ESB and BPS
do secure services invocations, (i.e BasicAuth) and we will need a central
place to store encrypted credentials.

Thanks,
Hasitha.

On Wed, Mar 30, 2016 at 11:33 AM, Afkham Azeez  wrote:

> Simply porting the existing sec vault to work with C5 should be sufficient.
>
> On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda 
> wrote:
>
>> Hi team,
>>
>> How are we going to use $Subject in C5. Can we use existing secure vault
>> implementation for this.
>>
>> Thanks,
>> Hasitha.
>>
>> --
>> --
>> Hasitha Aravinda,
>> Senior Software Engineer,
>> WSO2 Inc.
>> Email: hasi...@wso2.com
>> Mobile : +94 718 210 200
>>
>
>
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * *
> *email: **az...@wso2.com* 
> * cell: +94 77 3320919 <%2B94%2077%203320919>blog: *
> *http://blog.afkham.org* 
> *twitter: **http://twitter.com/afkham_azeez*
> 
> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
> *
>
> *Lean . Enterprise . Middleware*
>



-- 
--
Hasitha Aravinda,
Senior Software Engineer,
WSO2 Inc.
Email: hasi...@wso2.com
Mobile : +94 718 210 200
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Secure vault for C5 ?

[Afkham Azeez]

Simply porting the existing sec vault to work with C5 should be sufficient.

On Wed, Mar 30, 2016 at 11:03 AM, Hasitha Aravinda  wrote:

> Hi team,
>
> How are we going to use $Subject in C5. Can we use existing secure vault
> implementation for this.
>
> Thanks,
> Hasitha.
>
> --
> --
> Hasitha Aravinda,
> Senior Software Engineer,
> WSO2 Inc.
> Email: hasi...@wso2.com
> Mobile : +94 718 210 200
>



-- 
*Afkham Azeez*
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
* *
*email: **az...@wso2.com* 
* cell: +94 77 3320919blog: **http://blog.afkham.org*

*twitter: **http://twitter.com/afkham_azeez*

*linked-in: **http://lk.linkedin.com/in/afkhamazeez
*

*Lean . Enterprise . Middleware*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev