Diffstat (limited to 'docs/architecture.rst')
-rw-r--r-- | docs/architecture.rst | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/docs/architecture.rst b/docs/architecture.rst new file mode 100644 index 0000000..3055ae3 --- /dev/null +++ b/docs/architecture.rst @@ -0,0 +1,27 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2018 Intel Corporation, Inc + +Architecture +============ + +This project aims at the Storage of sensitive information such as passwords, username, and tokens. + +**Current state and gaps** + +Many services in ONAP use password based authentication. Eg: Database servers, publish/subscribe brokers etc. +Passwords are stored in plain text files in many services. +With multiple instances of these services, the attack surface area becomes very big. +Hence there is a need to ensure that attack surface related to password exposure is reduced. + +**Requirement:** + +Need for Secure Secret Management. +Services are expected to get the secret only on needed basis using secret reference and remove the secrets once they are used up. + +**Secret Service High Level Flow Diagram** + +.. image:: sms_high_level.png + :width: 900px + :height: 400px + :alt: SMS Flow Diagram |
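Review bot: The Requirement paragraph says services "get the secret only on needed basis using secret reference", but it does not state how a requesting service is authenticated or authorized to resolve a reference, and "remove the secrets once they are used up" leaves open what the caller must do (for example, hold the value in memory only and never write it to disk or logs). Since the preceding section names plain-text password files as the gap being closed, suggest adding a sentence or two that spells out both expectations. Smaller points in the same hunk: the bold lines (**Current state and gaps**, **Requirement:**, **Secret Service High Level Flow Diagram**) are acting as headings and would be better as RST subsection titles so they appear in the generated table of contents; "Eg:" should read "e.g." and "Storage" should be lowercase; and setting both :width: and :height: on the image can distort it if the file's aspect ratio differs, so consider keeping only :width:.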