Barbican Key Manager Service

张三 2022-05-07 11:58:55

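Introduction to the Barbican service
The Key Manager service (barbican) provides secure storage, provisioning and management of secret data. This includes keying material such as symmetric keys, asymmetric keys, certificates and raw binary data.
Barbican is OpenStack's key management component. It is positioned as a REST API for securely storing, provisioning and managing "secrets".
Barbican is most commonly used as the key generator in an OpenStack environment, supporting the various encryption and decryption operations; it can also store users' confidential data in the OpenStack environment.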

Node          IP
controller    10.60.3.7
compute       10.60.3.21

Install the service on the controller node

Run the iaas-install-barbican.sh installation script

[root@controller ~]# iaas-install-barbican.sh 

Using the Barbican service

Use the openstack command to create a secret named secret01

[root@controller ~]# openstack secret store --name secret01 --payload secretkey
+---------------+-----------------------------------------------------------------------+
| Field         | Value                                                                 |
+---------------+-----------------------------------------------------------------------+
| Secret href   | http://localhost:9311/v1/secrets/0c75b604-1cae-4172-b632-b769f1d649e3 |
| Name          | secret01                                                              |
| Created       | None                                                                  |
| Status        | None                                                                  |
| Content types | None                                                                  |
| Algorithm     | aes                                                                   |
| Bit length    | 256                                                                   |
| Secret type   | opaque                                                                |
| Mode          | cbc                                                                   |
| Expiration    | None                                                                  |
+---------------+-----------------------------------------------------------------------+

Query the list of secrets

[root@controller ~]# openstack secret list
+-----------------------------------------------------------------------+----------+---------------------------+--------+-----------------------------+-----------+------------+-------------+------+------------+
| Secret href                                                           | Name     | Created                   | Status | Content types               | Algorithm | Bit length | Secret type | Mode | Expiration |
+-----------------------------------------------------------------------+----------+---------------------------+--------+-----------------------------+-----------+------------+-------------+------+------------+
| http://localhost:9311/v1/secrets/0c75b604-1cae-4172-b632-b769f1d649e3 | secret01 | 2022-05-07T11:52:35+00:00 | ACTIVE | {u'default': u'text/plain'} | aes       |        256 | opaque      | cbc  | None       |
+-----------------------------------------------------------------------+----------+---------------------------+--------+-----------------------------+-----------+------------+-------------+------+------------+

Retrieve the metadata of the secret01 secret

[root@controller ~]# openstack secret get http://localhost:9311/v1/secrets/0c75b604-1cae-4172-b632-b769f1d649e3
+---------------+-----------------------------------------------------------------------+
| Field         | Value                                                                 |
+---------------+-----------------------------------------------------------------------+
| Secret href   | http://localhost:9311/v1/secrets/0c75b604-1cae-4172-b632-b769f1d649e3 |
| Name          | secret01                                                              |
| Created       | 2022-05-07T11:52:35+00:00                                             |
| Status        | ACTIVE                                                                |
| Content types | {u'default': u'text/plain'}                                           |
| Algorithm     | aes                                                                   |
| Bit length    | 256                                                                   |
| Secret type   | opaque                                                                |
| Mode          | cbc                                                                   |
| Expiration    | None                                                                  |
+---------------+-----------------------------------------------------------------------+

Retrieve the payload of the secret01 secret

[root@controller ~]# openstack secret get http://localhost:9311/v1/secrets/0c75b604-1cae-4172-b632-b769f1d649e3 --payload
+---------+-----------+
| Field   | Value     |
+---------+-----------+
| Payload | secretkey |
+---------+-----------+

Use the openstack command to generate and store a key

[root@controller ~]# openstack secret order create --name secret02 --algorithm aes --bit-length 256 --mode cbc --payload-content-type application/octet-stream key
+----------------+----------------------------------------------------------------------+
| Field          | Value                                                                |
+----------------+----------------------------------------------------------------------+
| Order href     | http://localhost:9311/v1/orders/a8f2d133-c089-496b-ace3-3a9f540205b1 |
| Type           | Key                                                                  |
| Container href | N/A                                                                  |
| Secret href    | None                                                                 |
| Created        | None                                                                 |
| Status         | None                                                                 |
| Error code     | None                                                                 |
| Error message  | None                                                                 |
+----------------+----------------------------------------------------------------------+

List the generated keys

[root@controller ~]# openstack secret order list
+----------------------------------------------------------------------+------+----------------+-----------------------------------------------------------------------+---------------------------+--------+------------+---------------+
| Order href                                                           | Type | Container href | Secret href                                                           | Created                   | Status | Error code | Error message |
+----------------------------------------------------------------------+------+----------------+-----------------------------------------------------------------------+---------------------------+--------+------------+---------------+
| http://localhost:9311/v1/orders/a8f2d133-c089-496b-ace3-3a9f540205b1 | Key  | N/A            | http://localhost:9311/v1/secrets/3a22d487-c7c9-49f6-9f0c-6c282fd8878a | 2022-05-07T12:00:52+00:00 | ACTIVE | None       | None          |
+----------------------------------------------------------------------+------+----------------+-----------------------------------------------------------------------+---------------------------+--------+------------+---------------+

Display the generated key

[root@controller ~]# openstack secret order get http://localhost:9311/v1/orders/a8f2d133-c089-496b-ace3-3a9f540205b1
+----------------+-----------------------------------------------------------------------+
| Field          | Value                                                                 |
+----------------+-----------------------------------------------------------------------+
| Order href     | http://localhost:9311/v1/orders/a8f2d133-c089-496b-ace3-3a9f540205b1  |
| Type           | Key                                                                   |
| Container href | N/A                                                                   |
| Secret href    | http://localhost:9311/v1/secrets/3a22d487-c7c9-49f6-9f0c-6c282fd8878a |
| Created        | 2022-05-07T12:00:52+00:00                                             |
| Status         | ACTIVE                                                                |
| Error code     | None                                                                  |
| Error message  | None                                                                  |
+----------------+-----------------------------------------------------------------------+

Display the metadata of the generated key

[root@controller ~]# openstack secret get http://localhost:9311/v1/secrets/3a22d487-c7c9-49f6-9f0c-6c282fd8878a
+---------------+-----------------------------------------------------------------------+
| Field         | Value                                                                 |
+---------------+-----------------------------------------------------------------------+
| Secret href   | http://localhost:9311/v1/secrets/3a22d487-c7c9-49f6-9f0c-6c282fd8878a |
| Name          | secret02                                                              |
| Created       | 2022-05-07T12:00:52+00:00                                             |
| Status        | ACTIVE                                                                |
| Content types | {u'default': u'application/octet-stream'}                             |
| Algorithm     | aes                                                                   |
| Bit length    | 256                                                                   |
| Secret type   | symmetric                                                             |
| Mode          | cbc                                                                   |
| Expiration    | None                                                                  |
+---------------+-----------------------------------------------------------------------+

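Pay attention to the address you pass to each command: do not confuse the secret href with the order href. The steps above are only meant to familiarize you with operating the Barbican key service in this environment.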
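A guard against the href mix-up described above, as an added example that is not part of the original post: it reads the table printed by openstack secret order get, checks that the order is ACTIVE, and returns only a href that points at /v1/secrets/. The function names and the shortened sample table are assumptions made for illustration; the pending case it rejects is the Status None / Secret href None output shown right after order create.

```shell
#!/bin/sh
# Added example: keep Barbican order hrefs and secret hrefs apart.

# Classify an href by its path: prints "secret", "order" or "unknown".
barbican_href_kind() {
    case "$1" in
        */v1/secrets/*) echo secret ;;
        */v1/orders/*)  echo order ;;
        *)              echo unknown ;;
    esac
}

# Read an openstack CLI "Field | Value" table on stdin and print the value
# of one field, for example "Secret href" or "Status".
order_field() {
    awk -F'|' -v want="$1" '
        NF >= 3 {
            key = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; exit }
        }'
}

# Resolve an order table (stdin) to its secret href. Fails when the order is
# not ACTIVE yet or when it does not reference a secret.
secret_href_from_order() {
    table=$(cat)
    status=$(printf '%s\n' "$table" | order_field "Status")
    href=$(printf '%s\n' "$table" | order_field "Secret href")
    [ "$status" = "ACTIVE" ] || { echo "order status is '$status', not ACTIVE" >&2; return 1; }
    [ "$(barbican_href_kind "$href")" = "secret" ] || { echo "order has no secret href" >&2; return 1; }
    printf '%s\n' "$href"
}

# Constructed sample input, shortened from the order output shown above.
SAMPLE_ORDER='| Order href  | http://localhost:9311/v1/orders/a8f2d133-c089-496b-ace3-3a9f540205b1  |
| Secret href | http://localhost:9311/v1/secrets/3a22d487-c7c9-49f6-9f0c-6c282fd8878a |
| Status      | ACTIVE                                                                |'

# Usage against a live deployment (not run here; ORDER_HREF is a placeholder):
#   openstack secret order get "$ORDER_HREF" | secret_href_from_order
```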

posted @ 2022-05-07 11:45 huhy