
Kamus Proposal #189

Closed
wants to merge 13 commits into from

Conversation


@omerlh omerlh commented Jan 15, 2019

Added a proposal to include Kamus as sandbox project.
Close #188
CC @caniszczyk - I can't tag cncf/toc...
Signoff by: Omer Levi Hevroni (Soluto)

Signed-off-by: omerlh <[email protected]>
@caniszczyk
Contributor

RFC @cncf/toc

This project seems a bit too early stage IMHO, can you describe more where it's being used in production and how many contributors you have from different organizations?

@omerlh
Author

omerlh commented Jan 15, 2019

I know, I also thought it might be too soon - but then I looked at the sandbox definition. It seems like a perfect fit for Kamus, as it is designed for projects at a really early stage. For example:

Independent projects that fit the CNCF mission and provide potential for a novel approach to existing functional areas (or are an attempt to meet an unfulfilled need)

I think that Kamus fits this definition.

Regarding users/community contribution. The project is in a very early stage, but started to get some traction. There is some activity on issues, not direct contribution yet.
Regarding where it is in production - currently only at Soluto, I heard from a few people who wanted to give it a try. Hope to see them using it soon.

I might be mistaken regarding the purpose of the sandbox - and if so, I can close this PR and re-open it when we have enough traction (can you clarify what you think is considered enough? It states what is required for the other stages, not for sandbox).

@quinton-hoole
Contributor

quinton-hoole commented Jan 16, 2019

Yes, to be clear, sandbox does not require production use, or significant numbers of contributors (yet).

It is intended as a neutral home within which the above can be achieved.

That being said, you will still need at least two TOC sponsors, in whose opinion the project holds sufficient promise to be hosted in the CNCF.

@omerlh
Author

omerlh commented Jan 28, 2019

That being said, you will still need at least two TOC sponsors, in whose opinion the project holds sufficient promise to be hosted in the CNCF.

I know, I wasn't sure how I can ask for sponsors - this is why I opened this PR. Hope this is the right move...

@omerlh
Author

omerlh commented Feb 5, 2019

The build failed due to a billing issue, I think:

Please update billing information for cncf

Also, I saw the presentation for tomorrow meeting - should Kamus be added to the Project presentation track spreadsheet?

@mattklein123
Contributor

@omerlh I'm potentially interested in sponsoring but I would appreciate it if you could add a "comparison to similar systems" section to your docs? I'm curious how you see Kamus compared to https://github.com/hashicorp/vault, https://github.com/lyft/confidant, etc. AFAICT the major difference is distributed vs. central secret storage?

Also, how do you foresee key rotation in this system? This seems like a flaw in a distributed storage system whereas in a central system secrets can potentially be re-encrypted if needed?

@omerlh
Author

omerlh commented May 5, 2019

Hey Matt! I'm happy to hear so.
Thanks for the feedback - I added a section comparing Kamus to other systems. Please let me know what you think about it. Like you already said, the main difference is distributed vs. centralized storage of the secret. I see it as a culture difference - it comes down to who is responsible for the deployments in a company. Companies that favor a decentralized (DevOps?) culture might prefer a decentralized solution.

Regarding key rotation - this issue covers some of the tasks required to achieve it. This is indeed harder in a decentralized system and requires re-encrypting the secrets. But, as we're using a key pair per service account, this can be opt-in. E.g. users can decide which services require key rolling and which don't. Anyway, the flow requires some polishing - especially understanding what users need (rotate all keys? only part of them?). I'll be happy to discuss it more!

@lizrice
Contributor

lizrice commented Jul 18, 2019

Hi @omerlh, TOC discussed this project this week. We felt there needs to be an answer to the question of key rotation, but when you have that in place you are welcome to take it to SIG Security for their thoughts on whether Kamus should be approved for Sandbox.

@omerlh
Author

omerlh commented Jul 21, 2019

Thanks for the update @lizrice! We just merged Soluto/kamus#241, which added support for automated key rotation as supported by GCP and AWS KMS. I see it as the first step toward a full solution.
One of the reasons I want Kamus to be part of the CNCF is feedback and community - I'm not sure how the full solution should look. For example, should we make it easy to re-encrypt existing values? Or just make it easy to rotate the keys? I'm sure there are other aspects I'm missing, and I'll be happy to hear more voices.
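The rotation flow discussed in this thread (Matt's question about re-encrypting secrets that live in a distributed store, and Omer's answer that rotation can be opt-in per service account because each service account has its own key) can be made concrete with a small model. The following Go program is an added example, not Kamus code and not the flow merged in Soluto/kamus#241. It assumes one symmetric AES-256-GCM key version per service account in place of Kamus's per-service-account key pairs, and a constructed ciphertext format "<serviceAccount>:v<version>:<base64>" standing in for whatever Kamus emits. Old key versions stay decryptable until retired, as cloud KMS key versions do; the example shows why a ciphertext committed to git under an old version must be re-encrypted before that version is retired, and that re-encryption can be driven one service account at a time.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// KeyRing: one AES-256-GCM key per version per service account (constructed model,
// not Kamus's KMS-backed key pairs). Old versions remain until Retire is called.
type KeyRing struct {
	current map[string]int            // service account -> active version
	keys    map[string]map[int][]byte // service account -> version -> key
}

func NewKeyRing() *KeyRing {
	return &KeyRing{current: map[string]int{}, keys: map[string]map[int][]byte{}}
}

// Rotate adds a new key version for sa and makes it the one used for new encryptions.
func (r *KeyRing) Rotate(sa string) (int, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return 0, err
	}
	if r.keys[sa] == nil {
		r.keys[sa] = map[int][]byte{}
	}
	v := r.current[sa] + 1
	r.keys[sa][v] = key
	r.current[sa] = v
	return v, nil
}

// Retire deletes a version; any blob still naming it can no longer be decrypted.
func (r *KeyRing) Retire(sa string, v int) { delete(r.keys[sa], v) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under sa's current version and returns the string that
// would be committed to a manifest. The "sa:vN" label is bound as AAD, so a blob
// cannot be relabelled to another service account or version.
func (r *KeyRing) Encrypt(sa string, plaintext []byte) (string, error) {
	v := r.current[sa]
	key, ok := r.keys[sa][v]
	if !ok {
		return "", errors.New("no active key for service account " + sa)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	label := fmt.Sprintf("%s:v%d", sa, v)
	ct := gcm.Seal(nonce, nonce, plaintext, []byte(label))
	return label + ":" + base64.StdEncoding.EncodeToString(ct), nil
}

// Decrypt opens a blob with whichever version it names, failing if that version is gone.
func (r *KeyRing) Decrypt(blob string) ([]byte, error) {
	parts := strings.SplitN(blob, ":", 3)
	if len(parts) != 3 {
		return nil, errors.New("malformed blob")
	}
	var v int
	if _, err := fmt.Sscanf(parts[1], "v%d", &v); err != nil {
		return nil, err
	}
	key, ok := r.keys[parts[0]][v]
	if !ok {
		return nil, fmt.Errorf("%s v%d unknown or retired: blob must be re-encrypted", parts[0], v)
	}
	ct, err := base64.StdEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(ct) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:ns], ct[ns:], []byte(parts[0]+":"+parts[1]))
}

// ReEncrypt is the opt-in step per service account: open under the version the
// blob names, seal again under the current one; afterwards the old version can be retired.
func (r *KeyRing) ReEncrypt(blob string) (string, error) {
	pt, err := r.Decrypt(blob)
	if err != nil {
		return "", err
	}
	return r.Encrypt(strings.SplitN(blob, ":", 2)[0], pt)
}

func main() {
	ring := NewKeyRing()
	ring.Rotate("payments")
	stale, _ := ring.Encrypt("payments", []byte("db-password")) // committed to git under v1
	ring.Rotate("payments")                                      // v2 is now active
	fresh, _ := ring.ReEncrypt(stale)                            // same secret, now under v2
	ring.Retire("payments", 1)
	_, err := ring.Decrypt(stale)
	fmt.Println("stale blob after retiring v1:", err)
	pt, _ := ring.Decrypt(fresh)
	fmt.Println("re-encrypted blob:", string(pt))
}
```

The point a practitioner should take from this is the ordering: rotate, re-encrypt every blob that names the old version (which in a decentralized model means a commit to each repository holding one), and only then retire. Because the version is part of the blob, a sweep over manifests can find exactly which secrets still need re-encryption, per service account, which is what makes the opt-in approach workable.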

@jbeda jbeda added the new project A project new to the CNCF is being proposed label Oct 8, 2019
@omerlh
Author

omerlh commented Feb 10, 2020

Hey folks, it's been more than a year since I opened this PR. Is this process supposed to take that long? Is there something I need to do?

@amye
Contributor

amye commented Feb 18, 2020

SIG-Security would be the group to review this for inclusion.

@lizrice
Contributor

lizrice commented Feb 24, 2020

@ultrasaurus @pragashj @dshaw please could SIG Security give us a recommendation?

@ultrasaurus
Member

@omerlh thank you for pinging us! Since you submitted this PR, the TOC created the SIGs to parallelize the due diligence process, and recently documented an updated process here: https://github.com/cncf/toc/blob/master/process/project_proposals.adoc

I'm sorry your proposal didn't get into our queue earlier. I'll sync up with the other chairs and one of us will take a look at this PR and we'll likely have some questions for you!

@omerlh
Author

omerlh commented Feb 25, 2020

Thank you! I'll be happy to help with any question or update the proposal if required :)

@amye
Contributor

amye commented Jun 26, 2020

In the 6/23 TOC meeting to review sandbox projects, the TOC did not include this project in the sandbox.
Missing: a Code of Conduct
You are welcome to reapply through the Sandbox application form and the 6 month window to reapply doesn't apply here.

I will leave this PR open and watch for an application in.

@amye
Contributor

amye commented Sep 8, 2020

Closing this out as we've now moved to the Sandbox application form.

@amye amye closed this Sep 8, 2020
Labels
new project A project new to the CNCF is being proposed sandbox tag-security
Successfully merging this pull request may close these issues.

Proposal: Kamus - Sandbox project
8 participants