← Back to team overview

cloud-init team mailing list archive

Re: Random Password


Posting plaintext passwords anywhere is simply a security risk. A more sensible approach is to encrypt the password with the public SSH key and write it out to the console log. This is how we handle Windows passwords in HP Cloud at the moment.


From: Cloud-init [mailto:cloud-init-bounces+juerg.haefliger=hp.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Joshua Harlow
Sent: Friday, November 22, 2013 10:06 PM
To: chima s; cloud-init@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Cloud-init] Random Password

I think one of the issues is that where would this be posted back to in a generic fashion?

Cloud-init supports different datasources, some of those don't have a place to post-back to (some are read-only).

If u just want to do this for 1 case, that's relatively easy. Just provide a shell script and use curl to send a file somewhere.

http://cloudinit.readthedocs.org/en/latest/topics/examples.html#call-a-url-when-finished is also similar (but less capable than just providing your own shell script).


From: chima s <chima.s@xxxxxxxxx<mailto:chima.s@xxxxxxxxx>>
Date: Friday, November 22, 2013 3:31 AM
To: "cloud-init@xxxxxxxxxxxxxxxxxxx<mailto:cloud-init@xxxxxxxxxxxxxxxxxxx>" <cloud-init@xxxxxxxxxxxxxxxxxxx<mailto:cloud-init@xxxxxxxxxxxxxxxxxxx>>
Subject: [Cloud-init] Random Password

Is it possible to post the random password back to metadata as done in cloudbase-init (used in windows)