secrets and certificates

[Kurt T Stam]

Hi guys,

I just finished creating support to run apiman, gateway and elastic all on SSL. I think there is a real need to create tooling around secret management and certificate distribution and signing, and interacting with a real Certificate Authority.

• We need to be able to document our secrets in a central place.
• We need to be able to upload secrets from this console - I guess we already have a start for this in the fabric8 console, so maybe that's the right place.
  
• Support key handling: create, export, import, signing - For example for authentication purposes it should be possible to create clientside keys for a service, that can then be imported into keystore of the client secret.

--Kurt

[Charles Moulliard]

Hi Kurt,

I completely agree with you. We should have a PKI Tool part of Openshift Origin and/or Fabric8 in order to manage the points that you have reported.

I don't know if Origin project will continue to develop their "deployer - https://github.com/openshift/origin-aggregated-logging/tree/master/deployer" but this is certainly something that we should discuss all together.

Regards,

Charles

--
You received this message because you are subscribed to the Google Groups "fabric8" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fabric8+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Charles Moulliard

Apache Committer & PMC / Architect @RedHat

Twitter : @cmoulliard | Blog :  http://cmoulliard.github.io

[James Strachan]

I'm hoping helm can include some capability to know when to generate secrets/certs or provide some way to import them from other sources (users laptops, vault or whatnot)

https://github.com/kubernetes/helm

James
-------
Red Hat

Twitter: @jstrachan
Email: james.s...@gmail.com

Blog: https://medium.com/@jstrachan/

fabric8: http://fabric8.io/

open source microservices platform