Details

    • Type: Story
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.5.0
    • Component/s: Module - Cryptography
    • Labels: None

      Description

      A SecretsProvider contains the set of active and inactive SecretStores. IDM needs a service that contains a SecretsProvider instance that can be referenced by other IDM services.

      The config for this service could look something like this:

      {
         "activeStores":[
            {
               ... SecretStore configuration ...
            },{
               ... another SecretStore configuration ... 
            }
         ],
         "purposes":[
            "saml-signing",
            "oidc-signing",
            "hsm-pin",
            "other"
         ]
      }
      

      This config was borrowed from https://docs.google.com/document/d/1BkhAJwWDOAffKKyX-5v2wL-K1n71HWBjsLb4IkeX8P8/edit#. When designing this config we should consult other products so that our config looks similar for better platform understanding.

      Acceptance Criteria

      • Must be able to configure the SecretStores IDM currently supports (HSM and file-based keystores)
      • Should be able to define custom purposes beyond the default purposes available in the Purposes class
      • Must be able to retrieve named secrets, an active secret for a given purpose, and all valid secrets for a given purpose from the configured SecretStores
      • Must have an OSGi service that can be referenced by other IDM services to access the SecretsApi
      • Should have unit tests to prove the above functionality.

              People

              • Assignee:
                whitney.hunter Whitney Hunter [X] (Inactive)
                Reporter:
                jason Jason Lemay