Re: Next version of design and process docs available


Goodell, Leonard
 

Hi Jim,

Is there any interest in reviving the idea of having the Registry Client do the secret retrieval?

It of course would have to first be configured with the appropriate Vault token, but then could take care of the namespace and actual retrieval of the secrets into the service's configuration struct.

My thought is the service’s config structure could have a Secrets section which would get pulled from Vault rather than the registry service (i.e. Consul) as part of the GetConfiguration() implementation.

 

Thanks!

   Lenny
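A sketch of the idea proposed in the message above, added here as an example; it is not EdgeX or Registry Client code. The `ServiceConfig` struct, the `GetConfiguration` signature, the `secret/edgex/<service>` path layout, and the `fakeVault` handler with its token and values are hypothetical or constructed. The HTTP call itself follows Vault's KV v1 read (GET on `/v1/<path>` with an `X-Vault-Token` header, secrets returned under `data`).

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// ServiceConfig is hypothetical: Settings come from the registry (e.g. Consul), Secrets only from Vault.
type ServiceConfig struct{ Settings, Secrets map[string]string }

// GetConfiguration reads only the service's own namespace (name escaped to one path segment) and fails closed.
func GetConfiguration(registry map[string]string, vaultURL, token, service string) (*ServiceConfig, error) {
	req, err := http.NewRequest(http.MethodGet, vaultURL+"/v1/secret/edgex/"+url.PathEscape(service), nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("X-Vault-Token", token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("vault read for %q: %s", service, resp.Status)
	}
	var body struct{ Data map[string]string }
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil {
		return nil, err
	}
	return &ServiceConfig{Settings: registry, Secrets: body.Data}, nil
}

// fakeVault is a constructed stand-in: one token, one secret path, constructed values.
var fakeVault = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	if r.Header.Get("X-Vault-Token") != "constructed-token" || r.URL.Path != "/v1/secret/edgex/core-data" {
		http.Error(w, "permission denied", http.StatusForbidden)
		return
	}
	fmt.Fprint(w, `{"data":{"db-password":"constructed-value"}}`)
})

func main() {
	srv := httptest.NewServer(fakeVault)
	defer srv.Close()
	cfg, err := GetConfiguration(map[string]string{"LogLevel": "INFO"}, srv.URL, "constructed-token", "core-data")
	fmt.Println(cfg != nil, err) // report success or the error, never the secret values
}
```

With this split the registry never holds the secret values, and a missing token or a request for another service's path returns an error instead of a partially filled configuration.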

 

From: EdgeX-TSC-Security@... <EdgeX-TSC-Security@...> On Behalf Of White2, James
Sent: Sunday, March 31, 2019 4:00 PM
To: EdgeX-TSC-Security@...
Subject: [Edgex-tsc-security] Next version of design and process docs available

 

All,

Thanks for the input last week on

  • our design for protecting EdgeX secrets for Edinburgh Release and
  • the process for addressing security issues (CVE)

The next version of these docs is available on the Wiki and at the link locations below:

https://wiki.edgexfoundry.org/download/attachments/329467/Protecting%20EdgeX%20Secrets-v5.pdf?version=1&modificationDate=1554072568311&api=v2

https://wiki.edgexfoundry.org/download/attachments/329467/EdgeX%20Process%20for%20Addressing%20Security%20Issues-v4.pdf?version=1&modificationDate=1554068308940&api=v2

 

We’ll discuss these at this week’s security WG meeting, but we always welcome feedback early.

Bryon Nevis and Jim Wang will also present their (Intel) high-level planning for Fuji.

 

Thanks,

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 
