RFC : Authentication and secret management #5

New Issue

Open

opened 2025-03-10 04:28:09 +00:00 by johnride · 1 comment

johnride commented 2025-03-10 04:28:09 +00:00

Owner

Copy Link

See ADR 006 Secre Management

To be discussed here.

Two main discussion points :

• Should we provide this functionality of secret management built into Harmony?
• Is keycloak the tool of choice for this job in our context?

See [ADR 006 Secre Management](https://git.nationtech.io/NationTech/harmony/src/branch/master/adr/006-secret-management.md) To be discussed here. Two main discussion points : - Should we provide this functionality of secret management built into Harmony? - Is keycloak the tool of choice for this job in our context?

johnride added the

RFC

Architecture Decision Record

labels 2025-03-10 04:29:50 +00:00

amichaud commented 2025-03-12 13:39:02 +00:00

Owner

Copy Link

All the projects I've been working on in the past have secrets to manage. A project that doesn't have secrets is probably very small and simple, so not a customer target anyway.

I don't have experience with Keycloak. The only thing that bother me is that the main goal of KC is not to manager secrets, so I would be a bit worry to use a tool for something it's not expressively designed for.

All the projects I've been working on in the past have secrets to manage. A project that doesn't have secrets is probably very small and simple, so not a customer target anyway. I don't have experience with Keycloak. The only thing that bother me is that the main goal of KC is not to manager secrets, so I would be a bit worry to use a tool for something it's not expressively designed for.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

switch-client

feat/install_opnsense_node_exporter

nmstate

okd_enable_user_workload_monitoring

feat/impl_installable_crd_prometheus

feat/webappdns

configure-switch

doc/clone

doc/worker-flag

fix/clippy

feat/gen-ca-cert

feat/okd_default_ingress_class

fix/add_routes_to_domain

secrets-prompt-editor

feat/multisiteApplication

feat/ceph-install-score

feat/ceph-osd-score

feat/ceph_validate_health

better-indicatif-progress-grouped

feat/crd-alertmanager-configs

better-cli

opnsense_upgrade

feat/monitoring-application-feature

dev/postgres

feat/cd/localdeploymentdemo

feat/webhook_receiver

feat/kube-prometheus

feat/init_k8s_tenant

feat/discord-webhook-receiver

feat/kube-prometheus-monitor

feat/tenantScore

feat/teams-integration

feat/slack-notifs

monitoring

runtime-profiles

snapshot-latest

Labels

Clear labels   

Architecture Decision Record

  

Good first issue

  

RFC

No Label

Architecture Decision Record

Good first issue

RFC

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: NationTech/harmony#5

No description provided.