Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-30047

Add support for secure secrets store (CyberArk, KeyVault, etc)

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 10.10
    • Fix Version/s: 11.x
    • Component/s: Security

      Description

      The Nuxeo Platform has many configuration files with credentials hardcoded with clear text (not just within nuxeo.conf but also within specific configuration files), for ex: 

      • Configuration/Credentials related to MongoDB
      • Configuration/Credentials related to LDAP
      • Configuration/Credentials related to Oracle¬†
      • Configuration/Credentials for Mail/SMTP
      • etc

      As per the Bank standards, this is not allowed and all these credentials must be maintained in secure secrets store for secure authentication, like CyberArk Vaults.

      Currently Nuxeo doesn't support CyberArk or any other solution developed for maintaining credentials in secure way like Azure Key Vault, Hashicorp etc.

      In order to make Nuxeo compliant with Bank standards, a solution to integrate Nuxeo with CyberArk needs to be developed.

      The new service to use secure secrets store should allow different implementations.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              tmartins Thierry Martins
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: