Posted to issues@ozone.apache.org by "Mikhail Pochatkin (Jira)" <ji...@apache.org> on 2023/01/20 12:11:00 UTC

[jira] [Updated] (HDDS-7814) Implement remote S3 secret storage

     [ https://issues.apache.org/jira/browse/HDDS-7814?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mikhail Pochatkin updated HDDS-7814:
------------------------------------
    Description: The S3 secrets are currently stored in the RocksDB of the Ozone Manager nodes. With this approach, it is not possible to separate the storage of secrets from nodes with an Ozone Manager. This is a limitation in some environments, for various reasons, such as security issues, so it is proposed to add the ability to store secrets separately from the Ozone Managers. One of the options for storing secrets would be to use a third-party solution, for example HashiCorp Vault. Therefore, it is proposed to add the implementation of the storage of S3 secrets based on a remote HTTP server. It is proposed to configure the type of storage using a special property in the Ozone site. Leave the current RocksDB as the default implementation to maintain backwards compatibility.  (was: The S3 secrets are currently stored in the RocksDB of the Ozone Manager nodes. With this approach, it is not possible to separate the storage of secrets from nodes with an Ozone Manager. This is a limitation in some environments, for various reasons, such as security issues, so it is proposed to add the ability to store secrets separately from the Ozone Managers. One of the options for storing secrets would be to use a third-party solution, for example HashiCorp Vault. Therefore, it is proposed to add the implementation of the storage of c3 secrets based on a remote HTTP server. It is proposed to configure the type of storage using a special property in the Ozone site. Leave the current RocksDB as the default implementation to maintain backwards compatibility.)

> Implement remote S3 secret storage
> ----------------------------------
>
>                 Key: HDDS-7814
>                 URL: https://issues.apache.org/jira/browse/HDDS-7814
>             Project: Apache Ozone
>          Issue Type: Improvement
>          Components: S3
>    Affects Versions: 1.4.0
>            Reporter: Mikhail Pochatkin
>            Priority: Major
>
> The S3 secrets are currently stored in the RocksDB of the Ozone Manager nodes. With this approach, it is not possible to separate the storage of secrets from nodes with an Ozone Manager. This is a limitation in some environments, for various reasons, such as security issues, so it is proposed to add the ability to store secrets separately from the Ozone Managers. One of the options for storing secrets would be to use a third-party solution, for example HashiCorp Vault. Therefore, it is proposed to add the implementation of the storage of S3 secrets based on a remote HTTP server. It is proposed to configure the type of storage using a special property in the Ozone site. Leave the current RocksDB as the default implementation to maintain backwards compatibility.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)