[Cryptography-dev] Key storages

Paul Kehrer paul.l.kehrer at gmail.com
Mon Dec 19 18:18:36 EST 2016


This sounds like a good idea for a package that depends on cryptography,
but not in cryptography itself. If you decide to do that please let me know
as I'd love to see it!

-Paul Kehrer (reaperhulk)

On December 19, 2016 at 3:19:08 PM, Alex Gaynor (alex.gaynor at gmail.com)
wrote:

I'm opposed -- there's no benefit to this being in cryptography itself;
this API can be totally implemented outside of it.

Alex

On Mon, Dec 19, 2016 at 4:17 PM, Boris Bobrov <bbobrov at mirantis.com> wrote:

> Hi!
>
> I work on OpenStack Keystone. We use Fernet keys for our tokens. A
> token is basically a tuple encrypted with a Fernet key.
>
> Fernet keys need to be rotated once in a while. Now we store them on
> disk. But it is problematic to rotate them in containers, because
> containers are supposed to be immutable.
>
> So the idea of key storages came up. For example, we could store the
> keys in a database. Or in OpenStack Barbican, which is a REST API
> designed for the secure storage, provisioning and management of
> secrets such as encryption keys. Or in Custodia,
> https://github.com/latchset/custodia
>
> However, it doesn't sound like this should be in Keystone. It is
> not keystone-specific and all Fernet key users will probably
> benefit from that. What do you think about adding this sort of
> functionality to cryptography?
>
> The idea is to define an abstract class in cryptography for a storage.
> An instance of storage will be passed to MultiFernet, which will
> read the keys from there, create individual instances of
> fernet.Fernet and perform all the usual stuff. Storage classes can
> be implemented inside cryptography or outside of it.
>
> What do you think about this?
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>



--
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
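The design Boris sketches above (an abstract storage passed to MultiFernet, which loads the keys and builds the individual Fernet instances) can be implemented outside cryptography, as Alex and Paul suggest. The following is an added example of what that looks like; it is not code from the thread, from Keystone, or from cryptography. The `KeyStorage` interface, `InMemoryKeyStorage` (a list standing in for a database or Barbican) and `multifernet_from_storage` are hypothetical names chosen here. It uses cryptography's `MultiFernet.rotate`, which did not exist when this thread was written, to show the full rotation lifecycle: add a new primary key, re-encrypt old tokens, then retire the old key and confirm tokens that were not rotated stop validating.

```python
from abc import ABC, abstractmethod
from typing import List

from cryptography.fernet import Fernet, InvalidToken, MultiFernet

TOKEN_PAYLOAD = b"user=alice;project=demo"  # constructed sample token body


class KeyStorage(ABC):
    """Hypothetical key-storage interface (not a cryptography API).

    load_keys() returns keys newest first: index 0 is the primary key
    used for encryption; later entries are older keys kept only so
    tokens issued under them can still be decrypted.
    """

    @abstractmethod
    def load_keys(self) -> List[bytes]:
        ...

    @abstractmethod
    def add_primary(self, key: bytes) -> None:
        ...

    @abstractmethod
    def retire_oldest(self) -> None:
        ...


class InMemoryKeyStorage(KeyStorage):
    """List-backed storage standing in for a database or Barbican backend."""

    def __init__(self, keys=None):
        self._keys = list(keys or [])

    def load_keys(self) -> List[bytes]:
        return list(self._keys)

    def add_primary(self, key: bytes) -> None:
        self._keys.insert(0, key)

    def retire_oldest(self) -> None:
        # Never retire the last key: that would make every token invalid.
        if len(self._keys) <= 1:
            raise ValueError("refusing to retire the only key")
        self._keys.pop()


def multifernet_from_storage(storage: KeyStorage) -> MultiFernet:
    """Build a MultiFernet from whatever the storage currently holds."""
    keys = storage.load_keys()
    if not keys:
        raise ValueError("key storage holds no keys")
    return MultiFernet([Fernet(k) for k in keys])


def rotation_demo() -> dict:
    """Walk one full rotation cycle and report what a caller can observe."""
    storage = InMemoryKeyStorage([Fernet.generate_key()])
    token = multifernet_from_storage(storage).encrypt(TOKEN_PAYLOAD)

    # Step 1: introduce a new primary key. The old key stays in storage,
    # so tokens issued under it still decrypt.
    storage.add_primary(Fernet.generate_key())
    mf = multifernet_from_storage(storage)
    assert mf.decrypt(token) == TOKEN_PAYLOAD
    rotated_token = mf.rotate(token)  # re-encrypted under the new primary

    # Step 2: retire the old key. Only tokens that were rotated survive.
    storage.retire_oldest()
    mf = multifernet_from_storage(storage)
    try:
        mf.decrypt(token)
        old_token_still_valid = True
    except InvalidToken:
        old_token_still_valid = False

    return {
        "rotated_plaintext": mf.decrypt(rotated_token),
        "old_token_valid_after_retire": old_token_still_valid,
        "key_count": len(storage.load_keys()),
    }


if __name__ == "__main__":
    print(rotation_demo())
```

The two-step ordering is the point: the new key must be readable by every node before any token is issued under it, and the old key may only be retired once every outstanding token has either expired or been rotated, since anything still encrypted under it becomes `InvalidToken` the moment the key leaves storage.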
