Protecting secrets with Oslo.Config and HashiCorp Vault

Moisés Guimarães

Authentication Cryptography Data Protection Security

Applications and services rely on configuration data in order to be customized, and for a cloud operating system like OpenStack it is not that different.

Mostly written in Python, we have access to ConfigParser from the standard library and many other projects use it to achieve easy configuration with plaintext files. OpenStack Common Libraries (Oslo) has an alternative called oslo.config with additional sources of input like command line arguments or environment variables. With the addition of a feature called source drivers last year, we are now able to increase the security of configuration values storing them in a safer place.

This work focuses on the new source driver that integrates Oslo.Config and Castellan, another Olso module specialized in talking to secret managers, and how we can store our sensitive configuration data using HashiCorp Vault.

Type: Poster session (180 mins); Python level: Intermediate; Domain level: Intermediate

Moisés Guimarães

Red Hat

Moisés Guimarães is a Brazilian programmer from the easternmost place of Americas. He currently works at Red Hat with focus on cryptography and information security.