OpenStack Barbican (Key Management) Support

[Fernando Diaz]

Hello Vault Community,

My name is Fernando Diaz(https://github.com/diazjf) and I am a core-contributor to the OpenStack Barbican(https://github.com/openstack/barbican). I recently attended the OpenStack Summit in Barcelona, where I was approached by many developers and operators with great interest in Vault.

OpenStack:  Free and open-source software platform for cloud computing, mostly deployed as an infrastructure-as-a-service (IaaS).

Barbican: Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments.

Our goal would be to integrate Vault as a Backend for Barbican, similar to what is done for Dogtag. This would allow Vault to be used amongst any OpenStack deployment using Barbican.There will be steps that must be complete in both Vault and Barbican, and I will work with my team in order to obtain a list of those. I am posting in this google-group to gain feedback from everyone on the interest in doing this.

Sincerely,

Fernando Diaz

[Jeff Mitchell]

Hi Fernando,

This certainly sounds interesting! We'll have to see what the items
required on the Vault side are and timelines for when we could address
those if accepted.

Best,
Jeff

> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/f2871e34-bb4e-4b92-b7ba-b6e5eff4c2f8%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Ken Schroeder]

I see this is pretty old but not finding any other useful traces to potential Barbican integration with Vault.  Is there any active plugin development with Vault back end for Barbican?  

[Fernando Diaz]

Hello Ken,

Unfortunately it has been a while since I have been involved with the Barbican Project. I did however see a couple of commits related to Vault integration in Castellan(Generic Key Manager) which Barbican can use as a Backend.

See https://github.com/openstack/barbican/commit/89cb777941af91ef24d3209b89ac3268b345c2a0

See https://github.com/openstack/castellan/blob/master/castellan/key_manager/vault_key_manager.py

I believe Ade Lee(al...@redhat.com) is the current PTL of the Barbican Project. You should contact him for further details.

You received this message because you are subscribed to a topic in the Google Groups "Vault" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/vault-tool/BfSq4dP081s/unsubscribe.
To unsubscribe from this group and all its topics, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/bb583043-2e1c-4e61-8738-7225380017b5%40googlegroups.com.