Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

t;>>>> it is disallowed, I will suggest Magnum team to pursue >>>>> other options. >>>>> >>>>> So, for the original question, does Keystone team allow us >>>>> to store encrypted data in Keystone? A point of view is >

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

am > >> allows us to pursue the first option. If it is disallowed, I will > >> suggest Magnum team to pursue other options. > >> > >> So, for the original question, does Keystone team allow us to store > >> encrypted data in Keystone? A point of vie

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

ring un-encrypted data). Would I >> confirm if Keystone team agrees (or doesn’t disagree) with this >> point of view? >> >> >> >> [1] https://etherpad.openstack.org/p/magnum-barbican-alternative >> >> >> >> Best regards, >> &g

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

point of view? > > > > [1] https://etherpad.openstack.org/p/magnum-barbican-alternative > > > > Best regards, > > Hongbin > > > > *From:*Morgan Fainberg [mailto:morgan.fainb...@gmail.com] *Sent:* > April-13-16 12:08 AM *To:* OpenStack Development Maili

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

Excerpts from Clayton O'Neill's message of 2016-04-13 07:37:16 -0700: > On Wed, Apr 13, 2016 at 10:26 AM, rezroo wrote: > > Hi Kevin, > > > > I understand that this is how it is now. My question is how bad would it be > > to wrap the Barbican client library calls in another

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

Excerpts from Douglas Mendizábal's message of 2016-04-13 10:01:21 -0700: > Hash: SHA512 > > Hi Reza, > > The Barbican team has already abstracted python-barbicanclient into a > general purpose key-storage library called Castellan [1] > > There are a few OpenStack projects that have planned to

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

: Wednesday, April 13, 2016 7:37 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates On Wed, Apr 13, 2016 at 10:26 AM, rezroo <openst...@roodsari.us> wrote: > Hi Kev

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

On 04/12/2016 03:43 PM, Hongbin Lu wrote: Hi all, In short, some Magnum team members proposed to store TLS certificates in Keystone credential store. As Magnum PTL, I want to get agreements (or non-disagreement) from OpenStack community in general, Keystone community in particular, before

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

t;openstack-dev@lists.openstack.org> Subject:  Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates > I think we need to ask who we are lowering the barrier of entry for. Are we > going down this path because we want developers to have less th

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

I think we need to ask who we are lowering the barrier of entry for. Are we going down this path because we want developers to have less things to do to stand up a development environment? Or do we want to make it easy for people to realistically test? If you're going to realistically vet magnum,

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates On Tue, Apr 12, 2016 at 8:06 PM, Adrian Otto <adrian.o...@rackspace.com<mailto:adrian.o...@rackspace.com>> wrote: Pleas

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

On Wed, Apr 13, 2016 at 10:26 AM, rezroo wrote: > Hi Kevin, > > I understand that this is how it is now. My question is how bad would it be > to wrap the Barbican client library calls in another class and claim, for > all practical purposes, that Magnum has no direct

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

8:06:03 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates Please don't miss the point here. We are seeking a solution that allows a location to place a client side encrypted bl

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

, April 12, 2016 8:06:03 PM *To:* OpenStack Development Mailing List (not for usage questions) *Subject:* Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates Please don't miss the point here. We are seeking a solution that allows a location to plac

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

ha setups and barbican before. Ha is way worse. Thanks, Kevin From: Adrian Otto Sent: Tuesday, April 12, 2016 8:06:03 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

On Tue, Apr 12, 2016 at 8:06 PM, Adrian Otto wrote: > Please don't miss the point here. We are seeking a solution that allows a > location to place a client side encrypted blob of data (A TLS cert) that > multiple magnum-conductor processes on different hosts can reach

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

Please don't miss the point here. We are seeking a solution that allows a location to place a client side encrypted blob of data (A TLS cert) that multiple magnum-conductor processes on different hosts can reach over the network. We *already* support using Barbican for this purpose, as well as

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

On Tue, Apr 12, 2016 at 3:27 PM, Lance Bragstad wrote: > Keystone's credential API pre-dates barbican. We started talking about > having the credential API back to barbican after it was a thing. I'm not > sure if any work has been done to move the credential API in this >

Re: [openstack-dev] [magnum][keystone][all] Using Keystone /v3/credentials to store TLS certificates

Keystone's credential API pre-dates barbican. We started talking about having the credential API back to barbican after it was a thing. I'm not sure if any work has been done to move the credential API in this direction. From a security perspective, I think it would make sense for keystone to back