Monday, 2018-08-20

*** livelace has quit IRC 00:28
*** livelace has joined #openstack-barbican 00:28
*** ducnv has joined #openstack-barbican 01:01
*** phuongnh has joined #openstack-barbican 01:17
*** jaosorior has joined #openstack-barbican 04:31
*** phuongnh has quit IRC 05:00
*** phuongnh has joined #openstack-barbican 05:00
*** phuongnh has quit IRC 05:44
*** phuongnh has joined #openstack-barbican 06:38
*** pcaruana has joined #openstack-barbican 06:46
*** jaosorior has quit IRC 07:17
*** velizarx has joined #openstack-barbican 07:25
*** Luzi has joined #openstack-barbican 07:31
*** jaosorior has joined #openstack-barbican 07:37
*** livelace has quit IRC 08:12
*** livelace has joined #openstack-barbican 08:16
*** velizarx has quit IRC 08:22
*** velizarx has joined #openstack-barbican 08:57
*** phuongnh has quit IRC 11:31
*** dave-mccowan has joined #openstack-barbican 11:34
*** raildo has joined #openstack-barbican 11:59
*** abishop has joined #openstack-barbican 13:11
*** raildo_ has joined #openstack-barbican 13:33
*** raildo has quit IRC 13:36
*** Luzi has quit IRC 13:36
*** pbourke has quit IRC 14:04
*** pbourke has joined #openstack-barbican 14:06
*** redrobot has joined #openstack-barbican 14:14
*** ducnv_ has joined #openstack-barbican 14:56
*** fyx has joined #openstack-barbican 15:02
fyx: I'm deploying barbican with HSM backend, would there be any benefit choosing PKCS#11 over KMIP or the other? 15:05
*** pcaruana has quit IRC 15:11
*** velizarx has quit IRC 15:21
*** ducnv_ has quit IRC 16:10
*** strigazi has quit IRC 16:19
*** strigazi has joined #openstack-barbican 16:24
*** velizarx has joined #openstack-barbican 16:36
*** raildo has joined #openstack-barbican 16:39
*** raildo_ has quit IRC 16:40
redrobot: fyx, the PKCS#11 plugin is written in a way that secrets are wrapped and then stored in the DB, whereas the KMIP plugin stores everything in the HSM 16:57
redrobot: fyx, if your hsm supports both, you may want to consider your expected usage. Some HSMs have very limited storage and you could end up filling it quickly with the KMIP plugin 16:58
*** raildo has quit IRC 17:31
*** raildo has joined #openstack-barbican 17:32
*** raildo has quit IRC 17:33
*** raildo has joined #openstack-barbican 17:40
*** raildo has quit IRC 17:41
*** raildo has joined #openstack-barbican 17:45
*** raildo has quit IRC 18:01
*** raildo has joined #openstack-barbican 18:13
*** raildo has quit IRC 18:15
*** raildo has joined #openstack-barbican 18:17
*** abishop has quit IRC 18:21
*** abishop has joined #openstack-barbican 18:21
*** velizarx has quit IRC 18:23
*** raildo has quit IRC 18:30
*** raildo has joined #openstack-barbican 18:41
*** raildo_ has joined #openstack-barbican 18:52
*** raildo_ has quit IRC 18:52
*** raildo has quit IRC 18:53
*** raildo has joined #openstack-barbican 19:00
*** raildo has quit IRC 19:04
*** serlex has joined #openstack-barbican 19:10
*** serlex has quit IRC 19:14
*** Dmitrii-Sh_ has joined #openstack-barbican 20:02
*** Dmitrii-Sh has quit IRC 20:08
*** v1k0d3n has quit IRC 20:08
*** Dmitrii-Sh_ is now known as Dmitrii-Sh 20:09
*** v1k0d3n has joined #openstack-barbican 20:10
*** raildo has joined #openstack-barbican 20:19
*** raildo has quit IRC 20:21
fyx: redrobot: I will check that, many thanks 20:28
*** liquid_pascal has joined #openstack-barbican 20:33
liquid_pascal: Hey, quick question: I'm trying to add some more conditions for when barbican returns a secret. Am I right in trying to add these rules to the oslo_policy document? And if I am, could I have a pointer at where to start? 20:34
redrobot: liquid_pascal, if you're trying to add role checks and such, then yes, that's the spot. Also see: https://docs.openstack.org/oslo.policy/latest/admin/index.html 21:29
liquid_pascal: I'm trying to add checks on additional information. I have a database that includes date ranges, and I need to see if the role has access in those data ranges 21:29
liquid_pascal: s/data/date 21:30
*** liquid_pascal has quit IRC 21:38
