t;>>>> it is disallowed, I will suggest Magnum team to pursue
>>>>> other options.
>>>>>
>>>>> So, for the original question, does Keystone team allow us
>>>>> to store encrypted data in Keystone? A point of view is
>
am
> >> allows us to pursue the first option. If it is disallowed, I will
> >> suggest Magnum team to pursue other options.
> >>
> >> So, for the original question, does Keystone team allow us to store
> >> encrypted data in Keystone? A point of vie
ring un-encrypted data). Would I
>> confirm if Keystone team agrees (or doesn’t disagree) with this
>> point of view?
>>
>>
>>
>> [1] https://etherpad.openstack.org/p/magnum-barbican-alternative
>>
>>
>>
>> Best regards,
>>
&g
point of view?
>
>
>
> [1] https://etherpad.openstack.org/p/magnum-barbican-alternative
>
>
>
> Best regards,
>
> Hongbin
>
>
>
> *From:*Morgan Fainberg [mailto:morgan.fainb...@gmail.com] *Sent:*
> April-13-16 12:08 AM *To:* OpenStack Development Maili
Excerpts from Clayton O'Neill's message of 2016-04-13 07:37:16 -0700:
> On Wed, Apr 13, 2016 at 10:26 AM, rezroo wrote:
> > Hi Kevin,
> >
> > I understand that this is how it is now. My question is how bad would it be
> > to wrap the Barbican client library calls in another
Excerpts from Douglas Mendizábal's message of 2016-04-13 10:01:21 -0700:
> Hash: SHA512
>
> Hi Reza,
>
> The Barbican team has already abstracted python-barbicanclient into a
> general purpose key-storage library called Castellan [1]
>
> There are a few OpenStack projects that have planned to
: Wednesday, April 13, 2016 7:37 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum][keystone][all] Using Keystone
/v3/credentials to store TLS certificates
On Wed, Apr 13, 2016 at 10:26 AM, rezroo <openst...@roodsari.us> wrote:
> Hi Kev
On 04/12/2016 03:43 PM, Hongbin Lu wrote:
Hi all,
In short, some Magnum team members proposed to store TLS certificates
in Keystone credential store. As Magnum PTL, I want to get agreements
(or non-disagreement) from OpenStack community in general, Keystone
community in particular, before
t;openstack-dev@lists.openstack.org>
Subject: Re: [openstack-dev] [magnum][keystone][all] Using Keystone
/v3/credentials to store TLS certificates
> I think we need to ask who we are lowering the barrier of entry for. Are we
> going down this path because we want developers to have less th
I think we need to ask who we are lowering the barrier of entry for. Are we
going down this path because we want developers to have less things to do
to stand up a development environment? Or do we want to make it easy for
people to realistically test? If you're going to realistically vet magnum,
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum][keystone][all] Using Keystone
/v3/credentials to store TLS certificates
On Tue, Apr 12, 2016 at 8:06 PM, Adrian Otto
<adrian.o...@rackspace.com<mailto:adrian.o...@rackspace.com>> wrote:
Pleas
On Wed, Apr 13, 2016 at 10:26 AM, rezroo wrote:
> Hi Kevin,
>
> I understand that this is how it is now. My question is how bad would it be
> to wrap the Barbican client library calls in another class and claim, for
> all practical purposes, that Magnum has no direct
8:06:03 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum][keystone][all] Using Keystone
/v3/credentials to store TLS certificates
Please don't miss the point here. We are seeking a solution that allows a
location to place a client side encrypted bl
, April 12, 2016 8:06:03 PM
*To:* OpenStack Development Mailing List (not for usage questions)
*Subject:* Re: [openstack-dev] [magnum][keystone][all] Using Keystone
/v3/credentials to store TLS certificates
Please don't miss the point here. We are seeking a solution that
allows a location to plac
ha setups and barbican before. Ha is way worse.
Thanks,
Kevin
From: Adrian Otto
Sent: Tuesday, April 12, 2016 8:06:03 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum][keystone][all] Using Keystone
/v3
On Tue, Apr 12, 2016 at 8:06 PM, Adrian Otto
wrote:
> Please don't miss the point here. We are seeking a solution that allows a
> location to place a client side encrypted blob of data (A TLS cert) that
> multiple magnum-conductor processes on different hosts can reach
Please don't miss the point here. We are seeking a solution that allows a
location to place a client side encrypted blob of data (A TLS cert) that
multiple magnum-conductor processes on different hosts can reach over the
network.
We *already* support using Barbican for this purpose, as well as
On Tue, Apr 12, 2016 at 3:27 PM, Lance Bragstad wrote:
> Keystone's credential API pre-dates barbican. We started talking about
> having the credential API back to barbican after it was a thing. I'm not
> sure if any work has been done to move the credential API in this
>
Keystone's credential API pre-dates barbican. We started talking about
having the credential API back to barbican after it was a thing. I'm not
sure if any work has been done to move the credential API in this
direction. From a security perspective, I think it would make sense for
keystone to back
19 matches
Mail list logo