Deploy Barbican

Deploy BarbicanΒΆ

Barbican is an OpenStack service that provides a REST API for secured storage as well as for provisioning and managing of secrets such as passwords, encryption keys, and X.509 certificates.

Barbican requires a backend to store secret data in its database. If you have an existing Dogtag backend, deploy and configure Barbican with it as described in Deploy Barbican with the Dogtag backend. Otherwise, deploy a new Dogtag backend as described in Deploy Dogtag. For testing purposes, you can use the simple_crypto backend.


Due to a limitation, unshelving of an instance and booting from a snapshot require manual intervention when integration between Nova and Barbican is enabled and instances are only allowed to boot from signed Glance images. Both shelve and snapshot operations in Nova create an image in Glance. You must manually sign this image to enable Nova to boot an instance from this snapshot or to unshelve an instance. Nova does not automatically sign the snapshot images it creates.