Barbican default basic file-based keystore not safe for production
Bug #1625340 reported by Christian Berendt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
kolla | Fix Released | Critical | Duong Ha-Quang |
Bug Description
According to the documentation of barbican:
#. Barbican has a plugin architecture which allows the deployer to store secrets in
a number of different back-end secret stores. By default, Barbican is configured to
store secrets in a basic file-based keystore. This key store is NOT safe for
production use.
This basic file-based keystore is used at the moment.
Another problem with this keystore: it is file based. This means that it currently does not work with multiple control nodes because we do not require a shared directory for the Barbican role.
Changed in kolla: | |
status: | New → Confirmed |
importance: | Undecided → Critical |
Changed in kolla: | |
milestone: | none → ocata-3 |
Changed in kolla: | |
milestone: | ocata-3 → ocata-rc1 |
Changed in kolla: | |
assignee: | nobody → Duong Ha-Quang (duonghq) |
summary: |
- Barbican default basic file-based keystone not safe for production
+ Barbican default basic file-based keystore not safe for production |
[21:45:15] <dave-mccowan> database backend would be a better choice.