| Thread Previous • Date Previous • Date Next • Thread Next |
Greetings all,Our security folks have an issue with putting passwords on the command line or in the environment. I wrote up a blueprint that gives the details on their objections as well as a proposed short-term fix for keystone (https://blueprints.launchpad.net/keystone/+spec/prompt-for-password). We'd like to see this same change get into UnifiedCLI as a longer term fix.
The change is minor. If no password was found on the command line or in the env, just before the "expecting password" error is raised, we make an attempt to prompt the user for it. If we get something, great! Our security folks are happy and we keep processing. If we don't get the password for any number of reasons (keystone wasn't being run from a tty, the user hit Ctrl-C or Ctrl-D when prompted), then we raise the error just as before.
I've already submitted the keystone changes for review (https://review.openstack.org/#/c/8958/3/keystoneclient/shell.py) and I'd be happy to make the same change to UnifiedCLI as well.
Thanks! Ken
| Thread Previous • Date Previous • Date Next • Thread Next |
