Problem Statement
- The Datastore Credentialssentitive information, like datastore credentials, WiFi Passwords etc., are currently received from Controller module in plainclear-text format, as part of configuration blob. And they are exchanged between agents in the EVE through pubsub channel. The sensitive information should be stored in cypher text inside the configblob in encrypted form. And a set of APIs will be provided to the agents to decrypt them, for usage.
- The sensitive information exchange between the controller and EVE node should be encrypted end-to-end, in man-in-the middle proxy deployments also.
- There encryption methodolgy used for achiving this, should also work with third-party CA verification
...