Re: Next version of design and process docs available
I have always found that to be appealing (registry gets data from non-secret or secret store) but I know there are those in the community that feel these are separate responsibilities. It is worth chatting about tomorrow and even if it isn’t delivered as part of this release, something we think about for future releases if that the arguments can be effectively made to offer that through the client.
From: EdgeX-TSC-Security@... <EdgeX-TSC-Security@...> On Behalf Of Goodell, Leonard
Sent: Tuesday, April 2, 2019 2:01 PM
To: White2, James; EdgeX-TSC-Security@...
Subject: Re: [Edgex-tsc-security] Next version of design and process docs available
Is there any interest in reviving the idea of having the Registry Client do the secret retrieval?
It of course would have to first be configured with the appropriate vault token, but then could take care of the namespace and actual retrieval of the secrets into the services configuration struct.
My thought is the service’s config structure could have a Secrets section which would get pulled from Vault rather than the registry service (i.e. Consul) as part of the GetConfiguration() implementation.
Thanks for the input last week on
The next version of these docs is available on the Wiki and at the link locations below:
We’ll discuss these at this week’s security WG meeting, but we always welcome feedback early.
Bryon Nevis and Jim Wang will also present their (Intel) high level planning for Fuji.
Director, IoT Platform Development Team & Distinguished Engineer
EdgeX Foundry Technical Steering Committee Vice Chairman
Dell Technologies | IoT Solutions Division
Office +1 512-723-6139, mobile/text +1 612-916-6693