The project will provide a Secret Management Service with the following features and capabilities:
- Support multiple Secret domains
- Each domain can be used for multiple secrets
- Each domain is associated with various policies
- Each secret can have multiple key value pairs
- Certificate based authentication
- Authenticate users with AAF
- Token based authentication
- Securely store secrets using AES encryption
- Use TPM/SGX for key storage if available
- RESTful API support for ADD, UPDATE, DELETE of secrets
The diagram below illustrates the Secret Service high-level flow in an ONAP context.
The diagram below illustrates how a microservice will use the Secret Client Agent to talk to the Secret Service to store or retrieve passwords.