Develop Secret Service
As a Platform Administrator, I need a common service interface that can facilitate the storage and retrieval of various types of secrets in one or more specified repositories, so that secrets can be secure, separated from the secrets in the infrastructure repository, and managed easily by interfacing applications.
Acceptance Criteria
- Service is written in Java using the same frameworks, patterns, and practices as other core OSDU services.
- Unit tests pass
- Design is in alignment with OpenAPI specification. Take liberty to make updates to design as needed (i.e. to incorporate partition awareness)
- API implements a common interface (aka Cloud Service Provider interface), i.e. ISecretManager: GetSecret, StoreSecret, etc.
- Implementation code, like that for Secret Manager, will be in its own provider folder (follow same pattern you see on OSDU core services)
- Secret Manager code is in its own specific repository
- Secret Service is partition-aware
- Python SDK is updated
Tasks
- Find and compare the open source solutions for Secret Service storage.
- Compare HashiCorp Vault with Keycloak.
- Compare HashiCorp with CSP Native solutions.
- Finalize the approach for Secret Service development.
- Review the code for other OSDU Core APIs and get a feel for the frameworks and style. Reach out on Slack and connect with others if you have questions about it.
- Review and understand the Secret Service ADR
- Review and understand the OpenAPI proposal for the Secret Service
- Understand how to use the existing AWS Secret Manager that has been set up for EDS. This will be the "implementation" level underneath the interface.
- Coordinate the creation of a Secrets Manager repository under Core Services (Raj/Ethiraj or David Diederich)
- Create unit tests.
- Create APIs
- Update SDK
- Develop sequence diagram (image: Sequence_Diagram_For_Retrieving_Secrets)
- [x] Configuring local setup for test environment [Shankar]
- Test unit cases [Shankar]. It is related to "Create unit tests", so it is also in progress.