OpenFGA

  • Identity Charmers
Channel        Revision  Published    Runs on
latest/stable  27        11 Apr 2024  Ubuntu 22.04
latest/edge    87        20 Oct 2024  Ubuntu 22.04
2.0/stable     26        11 Apr 2024  Ubuntu 22.04
2.0/edge       81        10 Oct 2024  Ubuntu 22.04
1.0/edge       12        17 Oct 2023  Ubuntu 22.04
juju deploy openfga-k8s --channel 2.0/stable

OpenFGA Charm Security

This document provides cryptographic documentation for the OpenFGA charm. Its purpose is to track the exposure of charm code to cryptographic attack vectors.

The following are out of scope for this document:

  • Workload code (refer to the workloads’ cryptographic documentation).
  • Data at rest encryption.

Sensitive Data Exchange

The charm relies on Juju secrets:

GitHub secrets are used during the development, build, test and deploy phases:

  • To get Charmcraft credentials that are used to interact with Charmhub.
  • To get a GitHub token that is used to interact with the GitHub API.

Cryptographic tech and packages in use

The OpenFGA charm uses the following cryptography packages:

  • The Python built-in secrets library is used to create an OpenFGA token.

The OpenFGA charm supports TLS encryption on internal and external connections. Security considerations related to TLS encryption:

  • Using self-signed certificates is not recommended for production clusters.
  • It is strongly recommended to use TLS v1.3, as it is more secure than v1.2.
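
One way to check both TLS recommendations against a running endpoint, given here as an added example that is not part of the charm's code. The function names, host name and sample certificates are constructed for illustration, and comparing issuer with subject is a heuristic for spotting self-signed certificates, not a signature check.

```python
import socket
import ssl


def strict_tls13_context(cafile=None):
    """Client context that verifies the chain and refuses anything below TLS 1.3."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3     # a TLS 1.2-only server fails the handshake
    return ctx


def is_self_issued(cert):
    """True when issuer == subject in a dict shaped like SSLSocket.getpeercert().

    Every self-signed certificate is self-issued, so this flags a certificate
    that only verifies because it was itself placed in the trust store.
    """
    subject = cert.get("subject")
    return bool(subject) and subject == cert.get("issuer")


def check_endpoint(host, port=443, cafile=None, timeout=5.0):
    """Connect and report the negotiated protocol and whether the leaf is self-issued.

    Raises ssl.SSLError if the server cannot negotiate TLS 1.3 or the chain
    does not verify against cafile (or the system store when cafile is None).
    """
    ctx = strict_tls13_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"version": tls.version(),
                    "self_issued": is_self_issued(tls.getpeercert())}


# Constructed sample certificates in getpeercert() format (not from a real deployment).
SELF_SIGNED = {
    "subject": ((("commonName", "openfga.example.internal"),),),
    "issuer": ((("commonName", "openfga.example.internal"),),),
}
CA_ISSUED = {
    "subject": ((("commonName", "openfga.example.internal"),),),
    "issuer": ((("organizationName", "Example Internal CA"),),
               (("commonName", "Example Issuing CA"),)),
}

if __name__ == "__main__":
    print(strict_tls13_context().minimum_version.name)
    print(is_self_issued(SELF_SIGNED), is_self_issued(CA_ISSUED))
```
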