Jump to: navigation, search



What is it

Anchor is an ephemeral PKI system built to enable cryptographic trust in OpenStack services in a way that doesn't rely on broken provisioning and revocation mechanisms that undermine most PKI deployments.

More content to follow, this page is a place holder.

While we get around to adding more content, you may find this presentation from the Paris summit on Ephemeral PKI: http://youtu.be/jf_YOzW7I3s

Next Steps

Recently Anchor underwent several large changes. Firstly it moved away from using the unmaintained M2Crypto library and secondly its project configuration was altered to better match standard boilerplate for OpenStack projects. Because of the size of and disruptive nature of these changes the project has entered a period of feature freeze while we work on creating an extensive test suite.

The Anchor Roadmap is maintained here: https://etherpad.openstack.org/p/Anchor_Project_Roadmap


We are a friendly bunch and would be more than happy to welcome anyone interested in contributing to Anchor. Since we are in a feature freeze period we would encourage anyone looking to get involved to focus their efforts on helping to enhance and improve our test suite. The Anchor project is discussed during the OSSG weekly meetings in and in the #openstack-security IRC room, feel free to drop in and say hello.