Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2021/03/18 17:09:21 UTC

[GitHub] [trafficcontrol] alficles commented on pull request #5649: Add blueprint for Traffic Vault Interface

alficles commented on pull request #5649:
URL: https://github.com/apache/trafficcontrol/pull/5649#issuecomment-802127880


   I mostly like the interface change here. One use case I think we'll see a few folks want is segregated systems by kind. That is, they may not want to use the same secrets storage for SSL keys and URI Signing keys. In fact, they may want to split up SSL keys into multiple backends by category as well. I think a plugin system would allow folks to meet really specific goals like that without undue effort. I _think_ the proposal here is most of a plugin system itself, though. It kinda depends exactly how you implement it.
   
   Swapping in a security hat, I'm not seeing a whole lot of details about how we'll use Postgres and pgcrypto to create an improved backend. It's pretty easy to make something with the exact same security properties as we have in Riak, but I think a major part of this initiative is to actually improve on that. Is it possible to get a little more detail on how we're planning to organize the new backend? Specifically, are we using asymmetric or symmetric encryption (or is it configurable)? Where are we putting the encryption keys themselves and how are we securing them?
   
   Here's my wishlist of stuff that would be really nice to be able to have in a secrets storage system:
     - TLS Mutual Auth
     - Audit trail for access and modification
     - Encryption for secrets at rest
     - Strong key for at-rest encryption with a decryption key that cannot be accessed from the secrets storage system
   
   I think Postgres offers all that, depending on how we design it. I'm not quite sure, reading the blueprint, what the design plan for the blueprint will be. Any chance we could flesh that out some?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org