openstack team mailing list archive

Thread
Date

Re: Keyring support in openstack

To: Doug Hellmann <doug.hellmann@xxxxxxxxxxxxx>
From: Adam Young <ayoung@xxxxxxxxxx>
Date: Mon, 30 Jul 2012 20:48:08 -0400
Cc: openstack@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CADb+p3Sdx3nMtyrDB4=HMMnvmnH8tAo5f0ZAfmUajd9DdiPPsQ@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1

On 07/30/2012 06:00 PM, Doug Hellmann wrote:

On Mon, Jul 30, 2012 at 5:30 PM, Adam Young <ayoung@xxxxxxxxxx<mailto:ayoung@xxxxxxxxxx>> wrote:


    On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote:

        On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:

                The wiki mentions the password being saved using
                keyring.backend.UncryptedFileKeyring. Does that mean
                the password is

            saved

                in cleartext? Is the file protected in some way
                besides filesystem
                permissions?

            As mentioned in wiki page, the password is stored in
            base64 format.

        Which means it's stored in cleartext.  That is Not Good(tm) :)

    Can Keyring be used to store a token instead?  That would A)  be
    better than password and B)  avoid a Keystone hit.


Don't tokens expire?



Yes, they do, but that is no reason not to put them in the keyring,

With the PKI tokens, you will be able to query a token's expiry withoutgoing across the wire.


Doug

Follow ups

Re: Keyring support in openstack
From: Bhuvaneswaran A, 2012-08-22

References

Keyring support in openstack
From: Bhuvaneswaran A, 2012-07-29
Re: Keyring support in openstack
From: Doug Hellmann, 2012-07-30
Re: Keyring support in openstack
From: Bhuvaneswaran A, 2012-07-30
Re: Keyring support in openstack
From: Kevin L. Mitchell, 2012-07-30
Re: Keyring support in openstack
From: Adam Young, 2012-07-30
Re: Keyring support in openstack
From: Doug Hellmann, 2012-07-30