RFE: Token Key Store

Bug #1816054 reported by Lance Bragstad on 2019-02-15
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)

Bug Description

The existing Fernet implementation uses a file-backed key repository for storing Fernet keys. A security optimization that can be made is to put the keys into a dedicated key manager instead of having the Fernet keys on disk.

Lance Bragstad (lbragstad) wrote :

Original specification: https://review.openstack.org/#/c/311268/
Specification removal due to inactivity: https://review.openstack.org/#/c/439194/

The idea is certainly still applicable to both the fernet and jwt providers. The major hurdle is defining the interface between the token providers and what manages the keys.

tags: added: fernet
tags: added: jwt
Changed in keystone:
status: New → Triaged
importance: Undecided → Wishlist
tags: added: rfe