07428d4985
1. Add new option 'use_barbican' in config file [vim_keys] section, default value is False for Pike. 2. Use fernet to encrypt vim password, and save the fernet key into barbican as a secret. 3. Add new fields 'key_type', 'secret_uuid' into VimAuth.auth_cred json string. secret_uuid is masked in vim-show or vim-list response. 4. Set the vim's default 'shared' value to False, vim can only be used by who created it. 5. Add a devref to show how to test. 6. Add a release note. Implements: blueprint encryption-with-barbican Partial-bug: #1667652 Change-Id: I5c779041df5a08a361b9aaefac7d241369732551
9 lines
281 B
YAML
9 lines
281 B
YAML
---
|
|
features:
|
|
- |
|
|
Introduce barbican to save the fernet key of vim auth. Need to configure
|
|
**[vim_keys] use_barbican = True** to enable this feature.
|
|
- |
|
|
Vim's default **shared** property is changed to **False**. Vim can only be
|
|
invoked by user who creates it.
|