Hi all, We had a couple of discussions with the Oslo team related to implement Pluggable drivers for oslo.config[0] and use those feature to implement support to protect plaintext secret on configuration files[1].
In another hand, due the containerized support on OpenStack services, we have a community effort to implement a k8s ConfigMap support[2][3], which might make us step back and consider how secret management will work, since the config data will need to go into the configmap *before* the container is launched. So, I would like to see what the community think. Should we continue working on that pluggable drivers and protect plain text secrets support for oslo.config? Makes sense having a PTG session[4] on Oslo to discuss that feature? Thanks for the feedback in advance. Cheers, [0] https://review.openstack.org/#/c/454897/ [1] https://review.openstack.org/#/c/474304/ [2] https://github.com/flaper87/keystone-k8s-ansible/blob/6524b768d75a28adf44c74aca77ccf13dd66b1a9/provision-keystone-apb/tasks/main.yaml#L71-L108 [3] https://kubernetes.io/docs/ <https://kubernetes.io/docs/tasks/configure-pod-container/configmap/> tasks/configure-pod-container/configmap/ <https://kubernetes.io/docs/tasks/configure-pod-container/configmap/> [4] https://etherpad.openstack.org/p/oslo-ptg-queens -- Raildo mascena Software Engineer, Identity Managment Red Hat <https://www.redhat.com> <https://red.ht/sig> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
