[Freeipa-devel] Password Vault Implementation

Endi Sukma Dewata edewata at redhat.com
Tue Jul 29 17:01:26 UTC 2014


On 7/15/2014 9:13 AM, Endi Sukma Dewata wrote:
> Hi,
>
> I've been working on the implementation details of password vault:
> http://www.freeipa.org/page/V4/Password_Vault_Implementation
>
> There are some issues (i.e. vault password and vault key) that aren't
> specifically defined in the design, so we need to make some decisions.
>
> Please let me know if you have any comments or questions. Thanks!

Hi,

I have made a number of changes to the above page including:
* using a vault as a container of secrets
* using a single encryption key per vault instead of per secret
* using one escrow officer per vault
* adding escrow, access control, & configuration
* adding client API & web services
* adding database & transaction
* adding FAQ

The options that I presented in the original version were removed 
because as I worked on the details it appeared that the alternatives 
don't actually make sense.

Please take a look and let me know if you have any comments or 
questions. There are more details to be fleshed out, so I'll keep 
updating the page. Thanks.

-- 
Endi S. Dewata



