Comment 2 for bug 1721003

Cédric Jeanneret deactivated (cjeanneret-c2c-deactivated) wrote :

Hello Rob,

Here's some context:
I'm coding a script that will allow getting a Let's Encrypt certificate and sharing it between the controllers for the CloudDomain domain.

Thus, it would be good if the overcloud nodes could access the Vault service using the keytab they get when registered in IPA via novajoin on the undercloud.

That way, my script will be able to:
- securely access the secret storage containing private key, certificate and chain
- ensure access is authenticated (with the keytab)
- ensure the authenticated principal is allowed to access the vault

Plus, doing so would avoid the need to get a standalone Custodia running somewhere.

Does it make sense?

Cheers,

C.