Keystone's credential API pre-dates barbican. We started talking about having the credential API back to barbican after it was a thing. I'm not sure if any work has been done to move the credential API in this direction. From a security perspective, I think it would make sense for keystone to back to barbican.
On Tue, Apr 12, 2016 at 2:43 PM, Hongbin Lu <hongbin...@huawei.com> wrote:
> Hi all,
>
> In short, some Magnum team members proposed to store TLS certificates in
> Keystone credential store. As Magnum PTL, I want to get agreements (or
> non-disagreement) from OpenStack community in general, Keystone community
> in particular, before approving the direction.
>
> In detail, Magnum leverages TLS to secure the API endpoint of
> kubernetes/docker swarm. The usage of TLS requires a secure store for
> storing TLS certificates. Currently, we leverage Barbican for this purpose,
> but we constantly received requests to decouple Magnum from Barbican
> (because users normally don't have Barbican installed in their clouds).
> Some Magnum team members proposed to leverage Keystone credential store as
> a Barbican alternative [1]. Therefore, I want to confirm what is Keystone
> team position for this proposal (I remembered someone from Keystone
> mentioned this is an inappropriate use of Keystone. Would I ask for further
> clarification?). Thanks in advance.
>
> [1] https://blueprints.launchpad.net/magnum/+spec/barbican-alternative-store
>
> Best regards,
> Hongbin
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev