Description
Customers who do not use OAuth2 need a secure way to store and retrieve Console credentials without relying on plaintext values in config/config.yml. Console should provide a supported way to use a secure local credential store, such as a credential manager or equivalent mechanism, for sensitive credentials required by the application.
Requirement
Console must provide a supported way for deployments that do not use OAuth2 to securely store and retrieve sensitive credentials outside of config/config.yml.
Customer need
Customers want to avoid storing usernames and passwords in plaintext configuration files. They need a simple and supported way to manage these credentials securely in local or enterprise deployments where OAuth2 is not available or not desired.
Scope
- Support secure storage and retrieval of Console credentials for deployments without OAuth2.
- Provide a way to disable plaintext storage of sensitive credentials in
config/config.yml.
- Provide a customer-usable workflow for setting, updating, and removing stored credentials. This will need some brainstorming.
- Support the deployment environments currently supported by Console.
Acceptance criteria
- A customer can run Console without OAuth2 and without storing required sensitive credentials in plaintext in
config/config.yml.
- Console can retrieve required credentials from a secure storage mechanism at runtime.
- Customers can set, update, and rotate stored credentials through a supported workflow.
- Customers can disable plaintext credential usage in
config/config.yml for supported sensitive values.
- The feature is documented from a customer workflow perspective.
Description
Customers who do not use OAuth2 need a secure way to store and retrieve Console credentials without relying on plaintext values in
config/config.yml. Console should provide a supported way to use a secure local credential store, such as a credential manager or equivalent mechanism, for sensitive credentials required by the application.Requirement
Console must provide a supported way for deployments that do not use OAuth2 to securely store and retrieve sensitive credentials outside of
config/config.yml.Customer need
Customers want to avoid storing usernames and passwords in plaintext configuration files. They need a simple and supported way to manage these credentials securely in local or enterprise deployments where OAuth2 is not available or not desired.
Scope
config/config.yml.Acceptance criteria
config/config.yml.config/config.ymlfor supported sensitive values.