Issue with core microservice access credentials in the secret service when secret service is enabled.


Zeng, Tingyu <tingyu.zeng@...>
 

All, 

I have created an issue #1341 in the edgex-go repo that addressed the discussion during our secruity WG meeting.


Here I propose to add one more command line option in the core microservice that is going to consume the secret service. Fore coredata service I think the best place is in https://github.com/edgexfoundry/edgex-go/blob/master/cmd/core-data/main.go.  as you see it parses the command line parameters. we need to add one more option, something like 

flag.BoolVar(&sercretservicerequired,"secretservicerequired",true,"Indicates if the secret service is required.")

By default the value is true, which means we need to check if the secret service is up and running to provide credentials. if the secret service is down, then we need to exit the whole micro service.

If it is false, when we check the secret service and if it is down, we need to continue the original logic, means we need to check the configuration file and then consul to get the credentials. In another words, we try our best to look up all the places to get the credentials. 

let me know if you have any questions.

Thanks
Tingyu

Join EdgeX-TSC-Security@lists.edgexfoundry.org to automatically receive all group messages.