Re: Issue with core microservice access credentials in the secret service when secret service is enabled.
Based on a call with Trevor, Tingyu and Brandon from my team just after the security working group call, we made some decisions about this design (some that are a reversal of what was discussed on the WG call).
This means that by default, services will still get the database username/password info from Consul or config file for the Edinburgh release and will get the secrets out of Vault only if someone adds the “secrets” command parameter setting.
While the preferred way would be to have secrets coming from Vault by default (especially production), the change for developers and the change to all the blackbox tests immediately (and as discussed in our WG meeting) was going to create too much turmoil this close to the release. We will revisit this default for Fuji. The functionality will still be there, just not on by default.
If you have comments or additional concerns, please let us know.
Director, IoT Platform Development Team & Distinguished Engineer
EdgeX Foundry Technical Steering Committee Vice Chairman
Dell Technologies | IoT Solutions Division
Office +1 512-723-6139, mobile/text +1 612-916-6693
From: EdgeX-TSC-Security@... <EdgeX-TSC-Security@...> On Behalf Of Zeng, Tingyu
Sent: Wednesday, May 15, 2019 10:35 AM
Subject: [Edgex-tsc-security] Issue with core microservice access credentials in the secret service when secret service is enabled.
I have created an issue #1341 in the edgex-go repo that addressed the discussion during our security WG meeting.
Here I propose to add one more command line option in the core microservice that is going to consume the secret service. For coredata service I think the best place is in https://github.com/edgexfoundry/edgex-go/blob/master/cmd/core-data/main.go. As you see, it parses the command line parameters. We need to add one more option, something like
if the secret service is required.")
By default the value is true, which means we need to check if the secret service is up and running to provide credentials. If the secret service is down, then we need to exit the whole microservice.
If it is false, when we check the secret service and it is down, we need to continue the original logic, meaning we need to check the configuration file and then Consul to get the credentials. In other words, we try our best to look up all the places to get the credentials.
Let me know if you have any questions.
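The lookup policy described in both messages above (a "secrets" command line flag; fail closed when the secret service is required and unavailable, otherwise fall back to the configuration file and then Consul), written out as an added Go example. This is not edgex-go's code: the CredentialSource type, ResolveCredentials function and the stub sources are constructed for this illustration, and the flag default is shown as the Edinburgh "off by default" from Jim's reply (Tingyu's original proposal had true).

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"log"
)

// Credentials is the database username/password a core microservice needs.
type Credentials struct {
	Username string
	Password string
}

// CredentialSource is one place credentials can be looked up: the secret
// service (Vault), the configuration file, or Consul. Hypothetical type for
// this example, not an edgex-go interface.
type CredentialSource struct {
	Name   string
	Lookup func() (Credentials, error)
}

// ErrNoCredentials is returned when every permitted source failed.
var ErrNoCredentials = errors.New("no credential source succeeded")

// ResolveCredentials implements the policy discussed on the list and reports
// which source answered.
//   requireSecrets=true:  the secret service must answer; if it is down the
//                         caller exits the whole microservice (fail closed).
//   requireSecrets=false: best-effort chain, secret service first, then the
//                         configuration file, then Consul.
func ResolveCredentials(requireSecrets bool, secretSvc, configFile, consul CredentialSource) (Credentials, string, error) {
	creds, err := secretSvc.Lookup()
	if err == nil {
		return creds, secretSvc.Name, nil
	}
	if requireSecrets {
		return Credentials{}, "", fmt.Errorf("secret service required but unavailable: %w", err)
	}
	log.Printf("secret service unavailable (%v); falling back to config file and Consul", err)
	for _, src := range []CredentialSource{configFile, consul} {
		c, lerr := src.Lookup()
		if lerr == nil {
			return c, src.Name, nil
		}
		log.Printf("%s: %v", src.Name, lerr)
	}
	return Credentials{}, "", ErrNoCredentials
}

// stubSource builds a constructed source standing in for a real Vault,
// config file or Consul client; it always returns the given result.
func stubSource(name string, creds Credentials, err error) CredentialSource {
	return CredentialSource{Name: name, Lookup: func() (Credentials, error) { return creds, err }}
}

func main() {
	// "secrets" is the flag name from the thread. Default false mirrors the
	// Edinburgh decision (secret service off unless the operator opts in).
	useSecrets := flag.Bool("secrets", false, "Indicate if the secret service is required.")
	flag.Parse()

	// Constructed sample sources: Vault is down, the other two have credentials.
	vault := stubSource("vault", Credentials{}, errors.New("connection refused"))
	cfg := stubSource("config file", Credentials{Username: "coredata", Password: "from-config"}, nil)
	consul := stubSource("consul", Credentials{Username: "coredata", Password: "from-consul"}, nil)

	creds, from, err := ResolveCredentials(*useSecrets, vault, cfg, consul)
	if err != nil {
		log.Fatalf("exiting: %v", err) // fail closed when secrets are required
	}
	fmt.Printf("using credentials for %q from %s\n", creds.Username, from)
}
```

Running it with no arguments prints the config-file credentials; running it with `-secrets` makes the process exit because the stub Vault is unreachable, which is the fail-closed behaviour the thread wants when the secret service is mandatory. The fallback order (config file before Consul) follows Tingyu's description of the original logic.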