Table of Contents |
---|
This page is aimed to consolidate and document all known requirements (both functional and non-functional) applicable to FOLIO secrets management.
Use cases
A user (administrator) wants to create/manage secrets through the secret storage directly and allow FOLIO modules to access those secrets (read-only access)
- No specific Jira examples though as per my understanding all those secrets being specified in modules' ModuleDescriptor-template.json files (in launchDescriptor.env section, e.g. DB_USERNAME, DB_PASSWORD etc.) fit this category
- A user (administrator) wants to create/manage secrets through FOLIO. E.g., a module might need to store credentials to some external system (like FTP or SMTP server credentials, API keys etc.) UI forms are involved as well for interaction with a user
- Example: INN Reach Central Server Configuration keeps API keys (key and secret) for Central and Local servers. As per requested behavior, UI Screen contains fields for setting / displaying API keys, and a user (administrator) uses them to save, view or update keys. One can use
JiraJira Legacy server System
for reference and find mock ups there. Currently, backend module storage is used to store such keysJIRA serverId 01505d01-b853-3c2e-90f1-ee9b165564fc key UIINREACH-12
- Example: INN Reach Central Server Configuration keeps API keys (key and secret) for Central and Local servers. As per requested behavior, UI Screen contains fields for setting / displaying API keys, and a user (administrator) uses them to save, view or update keys. One can use
- A module wants to create/manage secrets so that a user is not even in the loop here, and the interaction is only between the module and secret storage.
- Examples are modules which are creating system/tenant users (like mod-pubsub), or a case with generating and storing signing keys in such a way that all instances of the mod-authtoken container can easily stay aligned
- One more specific example is
JiraJira Legacy server System JIRA serverId 01505d01-b853-3c2e-90f1-ee9b165564fc key MODORGSTOR-33
Secrets access type
Is read-only access enough to cover use case #1 from above, or full access with CRUD support to cover use cases #2 and #3 is mandatory?
Secret types
The following secret types are to be supported:
...