Secret service as a Centralized Solution for Managing Secrets.
Centralized Solution for Managing Secrets
Date: 2023-09-29
Status
Proposed
Context
Key points
- Some OSDU services do not use the Secret Service to store their secrets. This leaves secrets scattered across services and increases the potential attack surface.
Decision
Secret Service V2 API:
Key points
- Use a single centralized service for secrets management
- The Register and Partition services are assumed to be refactored to use the Secret Service
- The Secret Service should be improved to comply with all the requirements
Consequences
Pros
- Single, universal, and centralized secret storage - no need to have different implementations for each service (Register, EDS)
- Extendable, cloud- and storage-agnostic approach
- Secure RBAC model