RFE: Token Key Store

Bug #1816054 reported by Lance Bragstad
This bug affects 2 people
Affects: OpenStack Identity (keystone)
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned
Milestone:

Bug Description

The existing Fernet implementation uses a file-backed key repository for storing Fernet keys. A security optimization that can be made is to put the keys into a dedicated key manager instead of having the Fernet keys on disk.

Tags: fernet jwt rfe
Lance Bragstad (lbragstad) wrote :

Original specification: https://review.openstack.org/#/c/311268/
Specification removal due to inactivity: https://review.openstack.org/#/c/439194/

The idea is certainly still applicable to both the fernet and jwt providers. The major hurdle is defining the interface between the token providers and what manages the keys.

tags: added: fernet
tags: added: jwt
Changed in keystone:
status: New → Triaged
importance: Undecided → Wishlist
Lance Bragstad (lbragstad) wrote :
tags: added: rfe