
Barbican Secrets

Using Barbican secrets

Barbican is the UNIQCloud OpenStack service used to securely store and manage secrets such as passwords, certificates, API keys, and encryption keys. In this section, we will use Barbican to show how secrets are created and managed in OpenStack, and how they can be used by other OpenStack services in a secure way.

Info: Barbican is not available in the Horizon dashboard, so it cannot be managed from the web interface. To create, view, and manage secrets, you must use the OpenStack CLI. The CLI is the only supported way to work with Barbican secrets in OpenStack.

Ensure the Barbican Python client library is installed:

pip install python-barbicanclient

Set up your credentials as usual:

source ./my-openstack-creds.sh

Store a new secret in the project associated with your credentials:

openstack secret store --name "test-secret" --payload "secret-content" --payload-content-type "text/plain"

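A secret container can be used to group a set of secrets. Each --secret argument takes the form name=href, where the href is the Secret href of a secret that has already been stored:

openstack secret container create --name mi-contenedor --secret secret1=<secret1-href> --secret secret2=<secret2-href> --secret cert=<cert-href>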

To delete the container, reference it by its Container href:

openstack secret container delete https://barbican-internal.api.eu-vlc.uniccloud.org:9312/v1/containers/c7a9db19-1f91-43a0-8bf8-a78a44f3117c

Use the Secret href in the same way to delete a standalone secret:

openstack secret delete https://barbican-internal.api.eu-vlc.uniccloud.org:9312/v1/secrets/9915db07-f583-4c47-97de-f5dca12e61b6
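The steps above as one script, added here as an example and not part of the original page: it stores payloads from files with `--file` so the secret value never appears on the command line, captures each href, groups the secrets, and deletes them again. The function names and the two payload file arguments are assumptions, and it requires a python-barbicanclient release that supports `--file` on `secret store`.

```sh
#!/bin/sh
# Added example (not from the original page). Requires sourced OpenStack credentials.
set -eu

# Store the contents of file $2 as a secret named $1 and print its Secret href.
# --file keeps the payload out of the command line and shell history.
store_secret() {
    openstack secret store --name "$1" --file "$2" -f value -c "Secret href"
}

# Create container $1 from the remaining name=href arguments; print its Container href.
create_container() {
    cname=$1; shift
    for pair in "$@"; do
        set -- "$@" --secret "$pair"   # append the flag form ...
        shift                          # ... and drop the raw pair from the front
    done
    openstack secret container create --name "$cname" "$@" -f value -c "Container href"
}

# Store two payload files ($1, $2) and group them; prints the Container href.
group_secrets() {
    s1=$(store_secret secret1 "$1")
    s2=$(store_secret secret2 "$2")
    create_container mi-contenedor "secret1=$s1" "secret2=$s2"
}

# Delete container $1, then each secret href given after it.
# Deleting a container leaves the secrets it references in place.
remove_all() {
    openstack secret container delete "$1"; shift
    for href in "$@"; do openstack secret delete "$href"; done
}
```

After sourcing the credentials file, call `group_secrets <file1> <file2>` and keep the printed href for `remove_all`. Keep the payload files readable only by their owner and remove them once the secrets are stored.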