Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1136

Provision Consistent Credentials For Generated Topologies

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.14.0
    • 0.14.0
    • Server
    • None

    Description

      For Knox HA scenarios, the password used to encrypt/decrypt query params MUST be the same across all of the participating Knox instances. Today, synching these passwords is a manual activity.

      With Knox now discovering descriptors from remote registries, requiring an admin to manually configure the credential store for each participating Knox instance prior to deploying the descriptor to the remote registry limits the usefulness of this new feature and introduces potential for frequent failed deployments.

      Knox can pre-provision a password for a topology prior to the generation of that topology, based on the master secret, in a manner which will be consistent across all the participating Knox instances.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            pzampino Philip Zampino
            pzampino Philip Zampino
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment