Details
-
Improvement
-
Resolution: Fixed
-
Major
-
7.0.0
-
1
Description
Currently to use Secrets Management, you have to provide a master password to a cluster at node boot-up. This is problematic as it either needs human interaction or some custom code to push a CLI command at the right time to provide the master password.
We should allow a user to provide a script which provides the master password that is executed at node boot-up. This script can read from a file, call a REST API, use external secrets management tools etc.
Attachments
Issue Links
| For Gerrit Dashboard: MB-48217 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 192281,23 | MB-48217: [SM] encryption_service refactoring | master | ns_server | Status: MERGED | +2 | +1 |
| 192282,24 | MB-48217: [SM] Add logging in gosecrets | master | ns_server | Status: MERGED | +2 | +1 |
| 192283,24 | MB-48217: [SM] Send panic reason to babysitter | master | ns_server | Status: MERGED | +2 | +1 |
| 192284,24 | MB-48217: [SM] Log unexpected messages in encr service | master | ns_server | Status: MERGED | +2 | +1 |
| 192336,24 | MB-48217: [SM] Add some tests for secret management | master | ns_server | Status: MERGED | +2 | +1 |
| 192846,24 | MB-48217: [SM] Add support for gosecrets config reload | master | ns_server | Status: MERGED | +2 | +1 |
| 192919,15 | MB-48217: [SM] Split encryption_service code into | master | ns_server | Status: MERGED | +2 | +1 |
| 192920,17 | MB-48217: [SM] Add some gosecrets unit-tests | master | ns_server | Status: MERGED | +2 | +1 |
| 193509,14 | MB-48217: [SM] Support for reading master password via cmd | master | ns_server | Status: MERGED | +2 | +1 |
| 193510,14 | MB-48217: [SM] Manage datakey using external cmd | master | ns_server | Status: MERGED | +2 | +1 |
| 193760,12 | MB-48217: [SM] Add secret management settings API | master | ns_server | Status: MERGED | +2 | +1 |
| 193888,11 | MB-48217: [SM] Add unit-tests for upgrade from 7.2 | master | ns_server | Status: MERGED | +2 | +1 |
| 193889,13 | MB-48217: [SM] Add cluster tests for password via command | master | ns_server | Status: MERGED | +2 | +1 |
| 193953,10 | MB-48217: [SM] Fix API call that comes right after another failed... | master | ns_server | Status: MERGED | +2 | +1 |
| 194149,14 | MB-48217: [SM] Support for password change in case when... | master | ns_server | Status: MERGED | +2 | +1 |
| 194917,9 | MB-48217: [SM] Make sure password can be reset to ""... | master | ns_server | Status: MERGED | +2 | +1 |
| 195674,2 | MB-48217: [SM] Add more unit tests | master | ns_server | Status: MERGED | +2 | +1 |
| 195678,6 | MB-48217: [SM] Don't do sync stop in cb_gosecrets_runner | master | ns_server | Status: MERGED | +2 | +1 |
| 195840,3 | MB-48217, MB-51082: [SM] Rename "state" in... | master | ns_server | Status: MERGED | +2 | +1 |
| 196402,4 | MB-48217: [SM] Log # of attempts left when waiting... | master | ns_server | Status: MERGED | +2 | +1 |
| 196403,5 | MB-48217: [SM] Don't prompt the master password when... | master | ns_server | Status: MERGED | +2 | +1 |