Comment 6 for bug 1721003

Revision history for this message
Cédric Jeanneret deactivated (cjeanneret-c2c-deactivated) wrote :

Hello Raildo,

Oh, nope, I wasn't aware of that Castellan, though I know a bit about Barbican.

Just so that you know: Custodia is the internal backend of IPA Vault service - my intend is "just" to be able to access IPA Vault using the novajoin generated principals on the openstack Controllers.

Please note that I'm mainly speaking about TripleO deployment, meaning the "secret storage" service (whatever it is) must be either external to the tripleO env (like an already running FreeIPA), or existing on the undercloud (like a local Custodia running on the undercloud server - my first iteration).
Hence, Castellan should be available from the overcloud-full image and so on.

Thanks for the pointer to that possibility, I'll keep an eye on the project :).

Cheers,

C.