| JayF | When I get to a desktop I can approve that post if someone else hasn't gotten to it first | 00:04 |
|---|---|---|
| shakko | GOAT ahahah | 00:13 |
| *** ralonsoh_ is now known as ralonsoh | 07:50 | |
| shakko | still waiting approval : ) | 11:07 |
| capt1 | Hi everyone, we are currently working on designing credential/secret management for our platform built on OpenStack, and we are trying to reason about it from first principles instead of assuming the default OpenStack approach. Our requirement is tenant-level secure credential storage (similar to a KMS) where identities/secrets are not stored directly on disk. We looked at Barbican, but from our understanding it does not fully behave like a tenant- | 13:04 |
| capt1 | ntial store in the way a typical KMS does. Questions: Has anyone implemented tenant-level secret storage / credential management on top of OpenStack? Did you extend Barbican, integrate an external KMS (like HashiCorp Vault), or use some other pattern? How do you avoid storing sensitive identities or credentials directly on disk? Appreciate any thoughts or references. Thanks! | 13:04 |
| JayF | shakko: The mailing list server was unhappy last night when I went to approve, it's apparently in better shape this morning so hopefully someone else is already taking care of you or I will when I start my day | 13:42 |
| shakko | what happened? why were they unhappy? | 19:38 |
| shakko | yep, my mail has been accepted | 19:38 |
| JayF | The opendev services generally have been inundated with (presumed-to-be-for-AI) scrapers that don't respect robots.txt | 19:44 |
| JayF | it's been impacting uptime of services despite the heroic effort to keep them up | 19:44 |
| shakko | i'm really sorry for whoever needs to take care of it | 19:51 |