Support for shadow identity provider

zalando-stups / mint-worker

The secret rotator and distributor for the STUPS ecosystem

http://stups.readthedocs.org/en/latest/components/mint.html

Other

9 stars 3 forks source link

Support for shadow identity provider #30

Open prayerslayer opened 8 years ago

prayerslayer commented 8 years ago

Both are behind the same Service User API.

Pseudocode for password rotation:

password, txid = primary.generate_password(client_id)
shadow.generate_password(client_id, txid, password)
s3.save('password.json', { password })
primary.commit_tx(txid)
shadow.commit_tx(txid)

[ ] Create/update user
[ ] Rotate password
[ ] Rotate client
[ ] Make shadowing optional

hjacobs commented 8 years ago

This issue is now obsolete, we should rather do #31 .