[Freeipa-devel] Password Vault Implementation

Simo Sorce simo at redhat.com
Fri Aug 1 17:21:24 UTC 2014 

On Fri, 2014-08-01 at 10:28 -0500, Endi Sukma Dewata wrote:
> On 7/31/2014 5:34 PM, Simo Sorce wrote:
> > I think you misunderstood what I was proposing.
> > I was proposing the vault is the unit of encryption, as a single blob of
> > data. But the vault would still contain multiple secrets, simply
> > formatted into a json object.
> >
> > Something like:
> >
> > plaintext:
> >      {
> >          { id: "email",
> >            data: "Passw0rd",
> >            description: "my email password"
> >          },
> >          { id: "redhat.com",
> >            data: "Secret5",
> >            description: "redhat.com website password"
> >          },
> >        ...
> >      }
> 
> OK, understood. This means in the service use case the service vault 
> password will have to be provisioned to service instances using separate 
> vaults that use asymmetric encryption key. This type of vaults will 
> become a "drop box" and will not support escrow.

I do not understand why escrow would not be supported, can you
elaborate ?

> >> Any concern about the crypto operations being computationally expensive,
> >> or retrieving the whole blob just to see the metadata would waste bandwidth?
> >
> > How big do you think the vault would be ?
> > It is not meant to contain anything more than a bunch of passwords, do
> > we really have a problem if the blob is a few tens of kilobytes ?
> 
> I can't say how people will use it, but regardless, we can configure the 
> size limit on the server.

Right

> > Given service passwords is an actual use case I think /services should
> > be a top level namespace available by default.
> 
> OK. Any preference how the service vaults should be structured?
> * /services/<service name>@<server name> -> repetitive server name?
> * /services/<server name>/<service name> -> more organized

The latter seem to make more sense to me.

> Is this going to be the service drop box (to provision the service vault 
> password) or the service vault (that the instance is going to access 
> using the service vault password)? Or will the instances access a shared 
> service vault?

Good questions, I am not sure.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-devel mailing list