RFE: Token Key Store
Bug #1816054 reported by Lance Bragstad
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Triaged | Wishlist | Unassigned |
Bug Description
The existing Fernet implementation uses a file-backed key repository for storing Fernet keys. A security optimization that can be made is to put the keys into a dedicated key manager instead of having the Fernet keys on disk.
tags: added: rfe
Original specification: https://review.openstack.org/#/c/311268/
Specification removal due to inactivity: https://review.openstack.org/#/c/439194/
The idea is certainly still applicable to both the fernet and jwt providers. The major hurdle is defining the interface between the token providers and what manages the keys.
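A sketch of the interface boundary discussed in this report, added here as an example and not keystone code: a token provider that only sees an ordered key list can be pointed at a file-backed repository or at a key manager without changing. `KeySource`, `FileKeySource`, `KeyManagerSource`, `sign` and `verify` are hypothetical names, the integer-named file layout and the `fetch` callable are assumptions, and HMAC-SHA256 stands in for Fernet so that only the standard library is needed.

```python
import hashlib
import hmac
from abc import ABC, abstractmethod
from pathlib import Path


class KeySource(ABC):
    """Hypothetical interface: all a token provider sees of key storage."""

    @abstractmethod
    def load_keys(self) -> list:
        """Return every active key, primary (signing) key first."""


class FileKeySource(KeySource):
    """Assumed layout: one key per file, named by integer; highest is primary."""

    def __init__(self, directory: str):
        self.directory = directory

    def load_keys(self) -> list:
        files = [p for p in Path(self.directory).iterdir() if p.name.isdigit()]
        files.sort(key=lambda p: int(p.name), reverse=True)
        return [p.read_bytes().strip() for p in files]


class KeyManagerSource(KeySource):
    """Stand-in for a key manager: `fetch` returns {version: key}, no local files."""

    def __init__(self, fetch):
        self.fetch = fetch

    def load_keys(self) -> list:
        versions = self.fetch()
        return [versions[v] for v in sorted(versions, reverse=True)]


def sign(source: KeySource, payload: bytes) -> bytes:
    keys = source.load_keys()
    if not keys:
        raise RuntimeError("key source returned no keys; refusing to sign")
    # HMAC-SHA256 stands in for Fernet to keep this standard-library only.
    return hmac.new(keys[0], payload, hashlib.sha256).digest()


def verify(source: KeySource, payload: bytes, tag: bytes) -> bool:
    # Any key still in rotation may verify a token issued before rotation.
    keys = source.load_keys()
    macs = (hmac.new(k, payload, hashlib.sha256).digest() for k in keys)
    return any(hmac.compare_digest(m, tag) for m in macs)
```

A real key-manager backend would also have to decide how often `load_keys` hits the network and what happens when the manager is unreachable, which the file-backed repository never had to consider.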