ADR-0005: Be Resilient by Default
- Status: accepted
- Date: 2024-05-11
- Tags: quality, stability
Context and Problem Statement
When an VMware Secrets Manager component crashes or when an VMware Secrets Manager component is evicted, the workloads can still function with the existing secrets they have without having to rely on the existence of an active secrets store.
When an VMware Secrets Manager component restarts, it seamlessly recovers its state from an encrypted backup without requiring manual intervention.
Decision Drivers
- Resilience is also related to being practically secure
- A resilient system is easy to operate, maintain, and troubleshoot.
- To have a highly-available system, we need to be resilient first.
Considered Options
- Be resilient by default.
- Think about resilience only when we have time.
Decision Outcome
Chosen option: “option 1”, because we cannot afford to have a system that is not resilient.
Positive Consequences
- DevOps will sleep more.
Negative Consequences
- Additional work upfront.
- Additional complexity in the system.
ADRs
You can view the ADRs by browsing this following list:
- ADR-0001: Use Log4brains to manage the ADR
- ADR-0002: Use Markdown Architectural Decision Records
- ADR-0003: VSecM Will Be Scoped to Work on Kubernetes Only
- ADR-0004: Be Practically Secure
- ADR-0005: Be Resilient by Default
- ADR-0006: Be Secure by Default
- ADR-0007: Document All Public Methods
- ADR-0008: Have a Minimal and Intuitive API
- ADR-0009: Have at Least 50% Test Coverage Across the Project
- ADR-0010: Keep Non-Public Function in Separate Files from the Public Functions
- ADR-0011: Keep Things Minimal: Do One Thing Well
- ADR-0012: All Files Shall Have a SPDX License Header
- ADR-0013: Scan the Codebase for Vulnerabilities and Code Smells Regularly
- ADR-0014: Get OpenSSF Best Practices Compliance
- ADR-0015: Keep Source Code Line Length Around 80 Characters
- ADR-0016: Centralize Magic Words, Numbers, and Configuration Constants in Common Modules
- ADR-0017: VSecM OIDC Resource Server Shall Be Secure by Default“
- ADR-0018: Use Asciinema for Use Case Examples in the Documentation“
- ADR-0019: Use RESTful APIs for Communication Between Components
- ADR-0020: VSecM will not enforce expiration and invalid before time for secrets
- ADR-0021: VSecM Shall Use Environment Variables for Configuration
- ADR-0022: VSecM Shall Use the Latest Stable Dependencies