Bug 1311056 - Add a Secrets as a Service component
Summary: Add a Secrets as a Service component
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd   
(Show other bugs)
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Steeve Goveas
Aneta Šteflová Petrová
URL:
Whiteboard:
Keywords: TechPreview
Depends On:
Blocks: 1435299
TreeView+ depends on / blocked
 
Reported: 2016-02-23 09:56 UTC by Jakub Hrozek
Modified: 2017-05-03 14:23 UTC (History)
8 users (show)

Fixed In Version: sssd-1.14.0-6.el7
Doc Type: Enhancement
Doc Text:
Support for secrets as a service This update adds a responder named `secrets` to the System Security Services Daemon (SSSD). This responder allows an application to communicate with SSSD over a UNIX socket using the Custodia API. This enables SSSD to store secrets in its local database or to forward them to a remote Custodia server.
Story Points: ---
Clone Of:
: 1435299 (view as bug list)
Environment:
Last Closed: 2016-11-04 07:16:27 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2476 normal SHIPPED_LIVE sssd bug fix and enhancement update 2016-11-03 14:08:11 UTC

Description Jakub Hrozek 2016-02-23 09:56:35 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2913

This component securely stores secrets on behalf of applications, and allows to route and store secrets centrally if needed.

See: https://fedorahosted.org/sssd/wiki/DesignDocs/SecretsService

Comment 1 Jakub Hrozek 2016-06-29 20:55:59 UTC
    2aafa4811cd9f74f70820b0e266df8e4c7ed6ad7
    a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7
    e625eb47a3091d92eda2271b123f8aab06227b63
    8f2a34cc6964a1f80a1434e05315a7ae0bb5774e
    625bb2ddf15e8f305a53afa44e87f2146fa930af
    1dd679584241a0f9b29072c7eed1c5c5e4a577e4
    a8d1a344e580f29699aed9b88d87fc3c6f5d113b
    85bd23a89282c96487e64872ac955e271e445d0b
    f0beb4e313970ffd075cd711ed6cfbac03ad5af6
    b1ce544568eff89f2263ae180e323f263f1cff3a
    052f8aa2034f7b091097dc5fdafc201b7d684525
    e5911e72198df96ec7cfe486ff66363c2297a5f7
    4f3a9d837a55b49448eca3c713c85a406207e523
    9a6d162cacfaf6946a1bf974b80b643d2a052d7a
    ba5e2d5e261e5f3ac6ce00227595f7265d2c715e
    f9f3dbc87d49bea05a54c2bcd9f7e40e4e8ab85a
    75ba524d356fed615a9c92152f64aebf0bdaf9c2
    96a624877512ac352736047023b65b8688039ae1

Comment 4 Marc Muehlfeld 2016-07-20 06:46:15 UTC
Jakub, can you please review the DocText to make sure it's correct like this?

Comment 5 Jakub Hrozek 2016-07-20 07:24:57 UTC
Sounds good to me, thank you.

Comment 6 Amith 2016-09-22 09:30:23 UTC
Verified the BZ on SSSD Version: sssd-1.14.0-43.el7.x86_64

Finished initial round of testing for the tech preview. Got the following test cases reviewed by DEV:

Case-01: Enable and verify sssd-secrets service.
Case-02: Test sssd behaviour by adding secrets to services directive.
Case-03: Test sssd behaviour by adding a secrets section
Case-04: Verify stored secret for a local user.
Case-05: Test SSSD behavior by adding a duplicate secret name.
Case-06: Verify a user's access rights to stored secrets.

Comment 8 errata-xmlrpc 2016-11-04 07:16:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2476.html


Note You need to log in before you can comment on or make changes to this bug.