Key Manager service¶
MOSK Key Manager service (OpenStack Barbican) provides secure storage, provisioning, and management of cloud application secret data, such as Symmetric Keys, Asymmetric Keys, Certificates, and raw binary data.
Configuring the Vault back end¶
Parameter |
|
---|---|
Usage |
Specifies the object containing the Vault parameters to connect to Barbican. The list of supported options includes:
If the Vault back end is used, configure it properly using the following parameters: spec:
features:
barbican:
backends:
vault:
enabled: true
approle_role_id: <APPROLE_ROLE_ID>
approle_secret_id: <APPROLE_SECRET_ID>
vault_url: <VAULT_SERVER_URL>
use_ssl: false
Note Since MOSK does not currently support the
Vault SSL encryption, set the |
- 0(1,2)
Setting this field in the
OpenStackDeployment
custom resource has been deprecated. Use OpenStackDeploymentSecret custom resource to define the cloud’s secret parameters.For the deprecation details, refer to OpenStackDeployment CR fields containing cloud secret parameters.