Protecting Plaintext Password
Various regulations and best practices say that passwords and other
secret values should not be stored in plain text in configuration
files. There are "secret store" services to manage values that should
be kept secure. Castellan provides an abstraction API for accessing
those services.
To properly secure the secrets in those configuration files, we should
use a Castellan reference for each secret and store the secret itself in a
proper key store backend, such as the Custodia service. Custodia makes that
integration easier because it supports an overlaid encryption backend that
can be used to store those secrets. In addition, we don't need any
Keystone-based authentication method to handle access control on Castellan
or Custodia, so we are still able to store the Keystone secrets as well.
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: Raildo Mascena de Sousa Filho
- Direction: Needs approval
- Assignee: Raildo Mascena de Sousa Filho
- Definition: New
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by
- Completed by