Improving Support For Sensitive Data in Mistral

At the recent OpenStack Project Teams Gathering in Atlanta, GA, one of the topics discussed by the Mistral developer community attendees is the security issue where data that might be sensitive could be exposed in Mistral log files, stored in the databaseĀ or when transferred over the network.

This was one of my favorite sessions as every attendee in the room participated in the discussion and provided a valuable insight or opinion and the proposed idea for a solution was truly a collaborative effort. The idea agreed upon included adding a section to workflows called “secret” where a developer can identify data of a sensitive nature. All of the items in the secret section will be protected whenever they are persisted either to log files or the database. Actions can be executed independently from workflows, so a decorator will also be added to mistral-lib to provide a means for custom action developers to identify constructor arguments to be protected.

Proposed Workflows Syntax

Proposed Custom Actions Syntax

It is great to see so many developers in the Mistral community concerned about security.

Leave a Reply

Your email address will not be published. Required fields are marked *