blob: 997cc9ae1e37dbe98fd1c5c9f0dacc3193db2c80 [file] [log] [blame]
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Intel Corporation, Inc
Architecture
------------
This project aims at the Storage of sensitive information such as passwords, username, and tokens.
**Current state and gaps**
Many services in ONAP use password based authentication. Eg: Database servers, publish/subscribe brokers etc.
Passwords are stored in plain text files in many services.
With multiple instances of these services, the attack surface area becomes very big.
Hence there is a need to ensure that attack surface related to password exposure is reduced.
**Requirement:**
Need for Secure Secret Management.
Services are expected to get the secret only on needed basis using secret reference and remove the secrets once they are used up.
**Secret Service High Level Flow Diagram**
.. image:: sms_high_level.png
:width: 900px
:height: 400px
:alt: SMS Flow Diagram