Re: [Edgex-tsc-core] Security Enablement
Jacob Blain Christen
I have an open question to Trevor in Slack DM as to what "security=on" would mean on a per-service basis, but my concern with this proposal is that security is not simply turned on; it is more an assessment of a number of sometimes-orthogonal, granular configurations and whether or not the system has enough information to make use of them in various contexts. Security isn't a feature flag; it is more of a feature matrix.
So, if "security=on" means obtaining secrets from Vault instead of the local filesystem or Consul (as per DM with Trevor), then a "secure" installation of an EdgeX Service is one that has configured its secret provider/source to be Vault. This formulation is descriptive, whereas "security=on" is prescriptive. AKA "if you wish to configure this service to be secure, then configure it to get secrets from Vault or some other secure source."
On Mon, Aug 12, 2019 at 1:17 PM espy <espy@...> wrote:
Jacob L. E. Blain Christen