Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-7498

Google KMS trust manager provider

    Details

    • Type: New Feature
    • Status: Dev backlog
    • Priority: Trivial
    • Resolution: Unresolved
    • Affects Version/s: 7.1.0
    • Fix Version/s: 7.1.0
    • Component/s: devops, security
    • Labels:
      None

      Description

      This issue can be closed once DJ supports Google KMS as a trust manager provider. Using dsconfig it should be possible to configure a Google KMS trust manager provider and use it for obtaining public keys used for TLS. The config framework should provide the following configurable properties:

      • the keyring, which is composed of project, location, and key ring name
      • credentials: some investigation will be required to understand the form these should take

      I this we should just stick with sensible defaults for the other parameters, although I'm not sure if this is possible for the key mappings.

      Useful links:

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                matthew Matthew Swift
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: