openstack team mailing list archive

Thread
Date

Re: Keyring support in openstack

To: Adam Young <ayoung@xxxxxxxxxx>
From: Doug Hellmann <doug.hellmann@xxxxxxxxxxxxx>
Date: Mon, 30 Jul 2012 18:00:25 -0400
Cc: openstack@xxxxxxxxxxxxxxxxxxx
In-reply-to: <5016FCF0.40706@redhat.com>

On Mon, Jul 30, 2012 at 5:30 PM, Adam Young <ayoung@xxxxxxxxxx> wrote:

> On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote:
>
>> On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:
>>
>>> The wiki mentions the password being saved using
>>>> keyring.backend.**UncryptedFileKeyring. Does that mean the password is
>>>>
>>> saved
>>>
>>>> in cleartext? Is the file protected in some way besides filesystem
>>>> permissions?
>>>>
>>> As mentioned in wiki page, the password is stored in base64 format.
>>>
>> Which means it's stored in cleartext.  That is Not Good(tm) :)
>>
> Can Keyring be used to store a token instead?  That would A)  be better
> than password and B)  avoid a Keystone hit.


Don't tokens expire?

Doug

Follow ups

Re: Keyring support in openstack
From: Adam Young, 2012-07-31
Re: Keyring support in openstack
From: Matt Joyce, 2012-07-30

References

Keyring support in openstack
From: Bhuvaneswaran A, 2012-07-29
Re: Keyring support in openstack
From: Doug Hellmann, 2012-07-30
Re: Keyring support in openstack
From: Bhuvaneswaran A, 2012-07-30
Re: Keyring support in openstack
From: Kevin L. Mitchell, 2012-07-30
Re: Keyring support in openstack
From: Adam Young, 2012-07-30