RFE: Token Key Store
Bug #1816054 reported by
Lance Bragstad
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Triaged
|
Wishlist
|
Unassigned | ||
Bug Description
The existing Fernet implementation uses a file-backed key repository for storing Fernet keys. A security optimization that can be made is to put the keys into a dedicated key manager instead of having the Fernet keys on disk.
Revision history for this message
| Lance Bragstad (lbragstad) wrote | #1 |
| tags: | added: fernet |
| tags: | added: jwt |
| Changed in keystone: | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
Revision history for this message
| Lance Bragstad (lbragstad) wrote | #2 |
| tags: | added: rfe |
To post a comment you must log in.
Original specification: https:/
Specification removal due to inactivity: https:/
The idea is certainly still applicable to both fernet and jwt provider. The major hurdle is defining the interface between the token providers and what manages the keys.