.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Intel Corporation, Inc

Architecture
------------

This project aims to provide storage for sensitive information such as passwords, usernames, and tokens.

**Current state and gaps**

Many services in ONAP use password-based authentication, e.g. database servers and publish/subscribe brokers.
Passwords are stored in plain text files in many services.
With multiple instances of these services, the attack surface becomes very large.
Hence there is a need to ensure that the attack surface related to password exposure is reduced.

**Requirement:**

There is a need for secure secret management.
Services are expected to retrieve a secret only when it is needed, using a secret reference, and to remove the secret once it has been used.

**Secret Service High Level Flow Diagram**

.. image:: sms_high_level.png
   :width: 900px
   :height: 400px
   :alt: SMS Flow Diagram