This portal is to open public enhancement requests against products and services offered by the IBM Data Platform organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Logging this Idea on behalf of Morgan Stanley. Currently, users' BitBucket API keys appear to be stored in a CouchDB. While the keys are encrypted, the encryption key is stored in an Openshift Secret.
Morgan Stanley would like to be able to either:
a) Update the encryption key we use for these API keys, either automatically on a (defined) regular basis, or manually
b) Store the API keys in an external vault, as is currently available in 4.0.3 for datasource credentials
More generally speaking, it would future-proof for MS if credentials for all flavors of source control for Watson Studio projects could be stored in a Vault.
Needed By: Quarter
After reviewing this requirement with architecture and development teams, we will move this idea as "Planned for future release". Specifically, customers will be able to choose to use the encryption key provided by the external Vault instead of the one in the Cluster. This is intended for the next major release of Cloud Pak for Data mid-year.
We met with MS today, and the requirement is a bit clearer:
The key used to encrypt the BitBucket access tokens must be stored in the Morgan Stanley Vault
We need to develop a process that (with both the old and new encryption key) can update everything stored with that key using an automated process.
Morgan Stanley accepts that starting this process can be manual, but we'd prefer that the process itself be automated. That is, at the 6 month mark, MS would submit an internal ticket to rotate the key in the MS Vault. Once approved, somebody could run a script (say) to re-encrypt the values stored in the CP4D database.
Thanks for the idea. Our strategic approach is to leverage external vaults for such keys in general (since this is what most customers require). If we do allow customers to control these encryption keys, would they prefer to store that encryption key itself in an external vault? Or would it be acceptable for these encryption keys to be rotated on a regular basis or even on-demand?
If rotation, the solution gets fairly complex as rotation (or external storage) always requires a window where multiple generations of encryption keys are simultaneously valid.
If the customer considers this a high priority item, then I suggest an architecture discussion to uncover the main pain point.
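The rotation window discussed in this thread (old and new key both valid while the stored values are re-encrypted), as an added example that is not IBM's or Cloud Pak for Data's code. It assumes the Python `cryptography` package's `MultiFernet` as a stand-in for the product's cipher, an in-memory dict in place of the CouchDB store, and keys passed in as arguments rather than fetched from a Vault; `rotate_store`, `not_on_new_key` and the sample records are hypothetical.

```python
from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def rotate_store(store, old_key, new_key):
    """Re-encrypt every record under new_key; old_key still decrypts meanwhile."""
    # The first key in the ring encrypts, every key in the ring may decrypt.
    ring = MultiFernet([Fernet(new_key), Fernet(old_key)])
    rotated, failed = {}, []
    for user, blob in store.items():
        try:
            rotated[user] = ring.rotate(blob)
        except InvalidToken:
            # Neither key generation opens this record: keep it, report it.
            rotated[user] = blob
            failed.append(user)
    return rotated, failed


def not_on_new_key(store, new_key):
    """Users whose record does not decrypt with new_key alone.
    The old key can be retired only once this list is empty."""
    current, stale = Fernet(new_key), []
    for user, blob in store.items():
        try:
            current.decrypt(blob)
        except InvalidToken:
            stale.append(user)
    return sorted(stale)


def demo():
    """Constructed sample: two records under the old key, one under a stray key."""
    old_key, new_key, stray_key = (Fernet.generate_key() for _ in range(3))
    store = {
        "alice": Fernet(old_key).encrypt(b"constructed-token-alice"),
        "bob": Fernet(old_key).encrypt(b"constructed-token-bob"),
        "carol": Fernet(stray_key).encrypt(b"constructed-token-carol"),
    }
    before = not_on_new_key(store, new_key)
    rotated, failed = rotate_store(store, old_key, new_key)
    after = not_on_new_key(rotated, new_key)
    return before, failed, after, Fernet(new_key).decrypt(rotated["alice"])


if __name__ == "__main__":
    print(demo())
```

The record that neither key opens is left unchanged and reported, so the old key stays in service until `not_on_new_key` returns an empty list.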