Pike Series Release Notes

Pike Series Release Notes



Now within a single deployment, multiple secret store plugin backends can be configured and used. With this change, a project administrator can pre-define a preferred plugin backend for storing their secrets. New APIs are added to manage this project level secret store preference.

New Features

  • New feature to support multiple secret store plugin backends. This feature is not enabled by default. To use this feature, the relevant feature flag needs to be enabled and supporting configuration needs to be added in the service configuration. Once enabled, a project adminstrator will be able to specify one of the available secret store backends as a preferred secret store for their project secrets. This secret store preference applies only to new secrets (key material) created or stored within that project. Existing secrets are not impacted. See http://docs.openstack.org/developer/barbican/setup/plugin_backends.html for instructions on how to setup Barbican multiple backends, and the API documentation for further details.
  • Maintain the policy rules in code and add an oslo.policy CLI script in tox to generate policy sample file. The script can be called like “oslopolicy-sample-generator –config-file=etc/oslo-config-generator/policy.conf” and will generate a policy.yaml.sample file with the effective policy.

Deprecation Notes

  • Removed application/pkix media type because Barbican will not be using media types for format conversion.

Other Notes

  • oslo-config-generator is now used to generate a barbican.conf.sample file
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.