Add reference for the transport key
Registered by Ade Lee
Transport keys are used to ensure that the secret is pre-encrypted in such a way that only the client and the back-end store can decrypt it. This is for users who do not trust Barbican but do trust the back-end secret store, or for those who need FIPS and CC certified components.
Currently, the client gets the transport key from Barbican. But if the client does not trust Barbican, this is a potential vulnerability. We need to add the ability for the client to retrieve the transport key from the back-end store directly.
Blueprint information
- Status: Not started
- Approver: Douglas Mendizábal
- Priority: Medium
- Drafter: Ade Lee
- Direction: Approved
- Assignee: None
- Definition: Approved
- Series goal: Proposed for liberty
- Implementation: Unknown
- Milestone target: None