You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In order to authenticate with a BMC, a username and password are required. These can be the same for all devices in a cluster or they can be individual per device. In either case, we need to allow admins to securely store them separately from SMD which is not suited to be a secure credential store. The credentials will need to be retrievable for unattended actions.
Admins with proper authentication to OpenCHAMI should be able to issue commands to the BMCs through the system (for power control, diagnostics, etc...) without needing to know the credentials used.
Options:
Store a url for credentials with drivers for various storage engines including Hashicorp Vault and file://
Store encrypted passwords in an OpenCHAMI backend like Viper config
other?
We need to consider the most secure option for sites like LANL, but we also need to consider a low infrastructure option for sites without significant existing infrastructure.
In order to authenticate with a BMC, a username and password are required. These can be the same for all devices in a cluster or they can be individual per device. In either case, we need to allow admins to securely store them separately from SMD which is not suited to be a secure credential store. The credentials will need to be retrievable for unattended actions.
Admins with proper authentication to OpenCHAMI should be able to issue commands to the BMCs through the system (for power control, diagnostics, etc...) without needing to know the credentials used.
Options:
We need to consider the most secure option for sites like LANL, but we also need to consider a low infrastructure option for sites without significant existing infrastructure.
Originally posted by @alexlovelltroy in #32 (comment)
The text was updated successfully, but these errors were encountered: