[Bug 1796851] Re: vault: add support for AppRole authentication
James Page
james.page at ubuntu.com
Thu Oct 11 12:38:18 UTC 2018
FFe details
===========
1) builds:
See PPA - https://launchpad.net/~james-page/+archive/ubuntu/vault-
production
2) installs and upgrades:
Existing packages deployed and then upgraded to PPA built packages OK
3) does not break packages which depend on it, or that corresponding
updates have been prepared.
Barbican and castellan covered under same bug, changes implemented in a
backwards compatible way (they don't change the existing function).
4) Verification
Barbican configured with approle based authentication and a non-default
KV mountpoint using proposed packages, secrets correct stored and
retrieved using Vault via the Barbican API.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to barbican in Ubuntu.
https://bugs.launchpad.net/bugs/1796851
Title:
vault: add support for AppRole authentication
Status in castellan:
In Progress
Status in barbican package in Ubuntu:
Triaged
Status in python-castellan package in Ubuntu:
Triaged
Bug description:
Vault provides a nice way for applications to integrate with its API:
https://www.vaultproject.io/docs/auth/approle.html
As the authentication method has two components (role_id and secret_id) is easy to automate distribution of credentials by providing the role_id but response wrapping the secret_id with access via a one shot, IP address restricted token.
It would be nice is castellan and barbican supported this approach.
To manage notifications about this bug go to:
https://bugs.launchpad.net/castellan/+bug/1796851/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list