Barbican is a REST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Mirror of code maintained at opendev.org.
.. image:: https://governance.openstack.org/tc/badges/barbican.svg
    :target: https://governance.openstack.org/tc/reference/tags/index.html
.. Change things from this point on
Barbican is a REST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds.
Barbican is an OpenStack project developed by the Barbican Project Team with support from Rackspace Hosting, EMC, Ericsson, Johns Hopkins University, HP, Red Hat, Cisco Systems, and many more.
The full documentation can be found on the Barbican Developer Documentation Site.
To file a bug, use our bug tracker on OpenStack Storyboard.
Release notes for the project can be found at https://docs.openstack.org/releasenotes/barbican.
Future design work is tracked at https://specs.openstack.org/openstack/barbican-specs.
For development questions or discussion, use the OpenStack-discuss mailing list and add ``[barbican]`` to the subject. You can also join our IRC channel ``#openstack-barbican`` on Freenode.
python-barbicanclient - A convenient Python-based library to interact with the Barbican API.
Please visit our Users, Developers and Operators documentation for details.
The current state of key management is atrocious. While Windows does have some decent options through the use of the Data Protection API (DPAPI) and Active Directory, Linux lacks a cohesive story around how to manage keys for application use.
Barbican was designed to solve this problem. The system was motivated by internal Rackspace needs, requirements from OpenStack and a realization that the current state of the art could use some help.
Barbican will handle many types of secrets, including:
encrypted Swift containers and Cinder volumes,
encrypted Cloud Backups, etc.
public / private keys) are used in many scenarios where communication between untrusted parties is desired. The most common case is SSL/TLS certificates, but they are also used in solutions like SSH keys, S/MIME (mail) encryption and digital signatures.
For the symmetric and asymmetric key types, Barbican supports full life cycle management including provisioning, expiration, reporting, etc.
policies for all secrets.