Re: Next version of design and process docs available


White2, James
 

Hi Lenny,

I have always found that to be appealing (registry gets data from non-secret or secret store) but I know there are those in the community that feel these are separate responsibilities.  It is worth chatting about tomorrow and even if it isn’t delivered as part of this release, something we think about for future releases if that the arguments can be effectively made to offer that through the client.

jim

 

From: EdgeX-TSC-Security@... <EdgeX-TSC-Security@...> On Behalf Of Goodell, Leonard
Sent: Tuesday, April 2, 2019 2:01 PM
To: White2, James; EdgeX-TSC-Security@...
Subject: Re: [Edgex-tsc-security] Next version of design and process docs available

 

[EXTERNAL EMAIL]

Hi Jim,

  Is there any interest in reviving the idea of having the Registry Client do the secret retrieval?

 

It of course would have to first be configured with the appropriate vault token, but then could take care of the namespace and actual retrieval of the secrets into the services configuration struct.

 

My thought is the service’s config structure could have a Secrets section which would get pulled from Vault rather than the registry service (i.e. Consul) as part of the GetConfiguration() implementation.

 

Thanks!

   Lenny

 

From: EdgeX-TSC-Security@... <EdgeX-TSC-Security@...> On Behalf Of White2, James
Sent: Sunday, March 31, 2019 4:00 PM
To: EdgeX-TSC-Security@...
Subject: [Edgex-tsc-security] Next version of design and process docs available

 

All,

Thanks for the input last week on

  • our design for protecting EdgeX secrets for Edinburgh Release and
  • the process for addressing security issues (CVE)

 

The next version of these docs is available on the Wiki and at the link locations below:

https://wiki.edgexfoundry.org/download/attachments/329467/Protecting%20EdgeX%20Secrets-v5.pdf?version=1&modificationDate=1554072568311&api=v2

https://wiki.edgexfoundry.org/download/attachments/329467/EdgeX%20Process%20for%20Addressing%20Security%20Issues-v4.pdf?version=1&modificationDate=1554068308940&api=v2

 

We’ll discuss these at this week’s security WG meeting, but we always welcome feedback early.

 

Bryon Nevis and Jim Wang will also present their (Intel) high level planning for Fuji.

 

Thanks,

Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693

james_white2@...

 

Join EdgeX-TSC-Security@lists.edgexfoundry.org to automatically receive all group messages.