2 Replies Latest reply: Jan 25, 2012 5:07 AM by Dmitri Voronov RSS

Vault management

Dmitri Voronov Novice

Hi all,

 

the server/host level is currently not managable over e.g. DMR.

It would make sence to have such a possibility e.g. for refreshing the vault's state by reloading keys from ENC and shared.dat

  • 1. Re: Vault management
    Anil Saldhana Master

    At this time, the vault contents are not distributed automatically. I had a chat with the AS7 architects at the time of the vault and the distribution of vault automatically across a domain was not accepted.

     

    The idea is that within a domain, the vault has to be copied over by the administrator to each machine to bring in the homegeneous nature.

     

    If the vault exists when a node comes up, it does read the vault state.

     

    I understand about what you are asking - to refresh the vault on a running instance.

  • 2. Re: Vault management
    Dmitri Voronov Novice

    It would be a very useful feature.

     

    Generally I'm trying to find/recongise a way for using the vault in a domain environment with multiple hosts, server groups using different profiles and belonging to different owners/tenants.

    Should they all use the same keystore?

    What if the tenants want to use different keystores/vault?

    Wouldn't it be better to place the vault to profile of a certain tenant? I think yes, because at the moment all profile depend on a single server/host vault.

    And many other questions regarding vault - domain - profile(s) - server group(s).