[wildfly-dev] WildFly Elytron - Credential Store - Next Stages

Jean-Francois Denise jdenise at redhat.com
Tue Nov 27 09:46:02 EST 2018


Hi Darran,

Looking at "Automation of Updates to the Store", in which the CLI could be 
involved, I am listing potential issues if the CLI handles it:

- It seems that the clear=>store+alias could be on a per-operation 
basis. A user could still want to not rely on the credential store, so 
enabling the transformation globally would not work.

- Having an interactive workflow would not work well for scripts.

- Introducing new headers dedicated to automatic conversion could work 
(they would have to be recognized and support implemented on the server), 
although with multiple credential-references located in the same 
command, the syntax could become complex.

After having played a bit with CLI+credential-references, I am thinking 
that defining a new attribute in the credential-reference (the existing 
clear-text and store are alternatives, can't use both) to express that 
the user wants automatic storage would seem quite natural from the CLI. 
Furthermore, it would work with the CLI's existing support for operations.

Something like {clear-text=mypassword, update-store=mystore, 
alias=ALIAS}. I would enforce that the update-store already exists.

If that is possible in the elytron subsystem, that would make for a simple 
CLI workflow.

JF

On 26/09/2018 15:15, Darran Lofthouse wrote:
> During WildFly 15 and WildFly 16 I am looking at the next stages for 
> credential store development based on a few feature requests we have 
> not handled yet.
>
> We are at the stage where this development is likely to affect 
> multiple areas of the application server, additionally we need to 
> consider these requests as a set so we don't take a decision for one 
> that prevents us working on the remainder.
>
> I have put together a blog post describing some of the general issues 
> we want to look into: -
>
> http://darranl.blogspot.com/2018/09/wildfly-elytron-credential-store-next.html
>
> Some of these changes will have an impact on any subsystem currently 
> referencing the credential store.
>
> Other changes we will need to decide if the solution lies within 
> WildFly Elytron, the management tier of the server, or the admin tools 
> - or possibly a combination of all three.
>
> I am also going to share this link in the community forums to try and 
> obtain some additional feedback from end users.
>
> Regards,
> Darran Lofthouse.