Hi Lisa,
In regards to your comment about the duplication of key management code in
Cinder and Nova, there was a long-term plan to replace that code with a shared
library when the encryption feature was implemented. The key manager code has
been moved to its own library, Castellan [1]. The pl
All,
Please reply or send me an email if you are using the ConfKeyManager
(fixed-key key manager) in deployment for volume encryption or
ephemeral storage encryption. You can check this by looking at the
[keymgr] section, api_class entry of nova.conf or cinder.conf. The
ConfKeyManager was only int
> The fixed key manager is useful for easy testing (we're using it in the
> gate in places where barbican isn't available). Is there anything
> equivalent with Catellan?
>
> -Sean
>
> --
> Sean Dague
> http://dague.net
There is no fixed-key back end with Castellan. I agree that using a
f
>> Aiming toward tests that mirror real-world deployment is certainly a
>> good thing, but I don't think we should remove ConfKeyManager.
>>
>> We will want to maintain the ability to test these Cinder/Nova code
>> paths in development environments or in some automated environments
>> without requi
+1, Dave has been a key contributor, and his code reviews are thoughtful.
Kaitlin
I'd like to nominate Dave Mccowan for the Barbican core review team.
He has been an active contributor both in doing relevant code pieces and
making useful and thorough revie
Hi Utkarsh,
Specifying "kmip_plugin" in the barbican-api.conf is the correct way to
configure the plugin. In my previous debugging experience, I've found that I
get CryptoPluginNotFound if an error occurred during the plugin's __init__
method. For the KMIP plugin, this means the key file permissio
Hi Chris,
I would be happy to help you with the trouble you've encountered using the
KMIP plugin. From what you've described, it sounds like you have everything
set up correctly. If you've specified kmip_plugin under
enabled_secret_store_plugins, then the reason it would give you
SecretStorePlugin
Proposed library name: Rename Castellan to oslo.keymanager
Proposed library mission/motivation: Castellan's goal is to provide a
generic key manager interface that projects can use for their key
manager needs, e.g., storing certificates or generating keys for
encrypting data. The interface passes
This thread has generated quite the discussion, so I will try to
address a few points in this email, echoing a lot of what Dave said.
Clint originally explained what we are trying to solve very well. The hope was
that the rename would emphasize that Castellan is just a basic
interface that suppo
> As i known, the secrets are saved in a user's domain, and other
> project/user can not retrieve the secrets.
> But i have a situation that many users need retrieve a same secret.
>
> After looking into the castellan usage, I see the method that saving the
>credentials in configuratio
> Barbicaneers, please indicate your agreement by responding with +1.
+1 from me. Jeremy has been a valuable contributor for the past several
development cycles.
Kaitlin
__
OpenStack Development Mailing List (not for usage
Lee, a few thoughts on your previous email. Many of the details I think you
already know, but I'm clarifying for posterity's sake:
> However the only supported disk encryption formats on the front-end at
> present are plain (dm-crypt) and LUKS, neither of which use the supplied
> key
Hi everyone,
I will be presenting a recap of the "Data Protection in OpenStack" presentation
from IEEE CLOUD on Monday, September 25th at 4 PM in Central Spark. The
OpenStack team wrote the paper, and the funding came from the Janney 2.0
"Engage" awards.
https://aplweb.jhuapl.edu/news/Pages/J
Hi Barbicaneers,
I will be moving on to other projects at work and will not have time to
contribute to OpenStack anymore. I am stepping down as core reviewer as I will
not be able to maintain my responsibilities. It's been a great 4.5 years
working on OpenStack and a fulfilling 3 years as a
14 matches
Mail list logo
