Okay, so if the "secrets" handler is using a Unix socket to proxy to Custodia, does that imply Custodia has to be running on the same machine as commissaire-server? In the example below, it looks like commissaire-storage-service has the Custodia config, and that service may be running on a different machine than commissaire-server.
Would it make sense for commissaire-storage-service to call back to our own /api/v0/secrets endpoint, instead of accessing Custodia directly?
I feel like I'm not seeing a piece of this clearly.
Got'cha. So in that case do we still need the "custodia_api_id" and "custodia_api_key" things in the storage config? It's not clear to me what those are for. Wait, I think I get it now. That's linkage with the Custodia config, right? Didn't look at that part closely.
Correct. Those would be used as the auth into Custodia through our endpoint. Since we'd just be proxying access and allowing Custodia to handle its own access, we'd need to add the auth changes listed.
One other piece to this is how commissaire-storage-service learns where the /api/v0/secrets endpoint is. Might be nice if commissaire-http could slip this info to it somehow so we can avoid another line item in storage.conf.
(... or bring back the configuration-in-etcd concept from MVP ...)
@ashcrow: About that ⬆️ ... now that I'm taking a closer look at Custodia, it's not clear to me whether the responsibility of installing Custodia and configuring it correctly falls on Commissaire or our users. Who will own Custodia's config file and how do you envision this all getting set up?
Should we create a container image for commissaire-http + Custodia, configured the way we want (Unix socket, encrypted-etcd backend, etc)? That might significantly simplify the setup instructions.
@mbarnes I believe the version we use internally should be installed by us ... either via container, pip, or whatever. Exposing other instances would be up to ops folks who want to provide them as extra services.