← Back to team overview

openstack team mailing list archive

Re: Keyring support in openstack

 

On Mon, Jul 30, 2012 at 2:30 PM, Doug Hellmann
<doug.hellmann@xxxxxxxxxxxxx>wrote:

>
>
> On Mon, Jul 30, 2012 at 4:51 PM, Bhuvaneswaran A <bhuvan@xxxxxxxxxx>wrote:
>
>> On Mon, Jul 30, 2012 at 7:46 AM, David Kranz <david.kranz@xxxxxxxxxx>
>> wrote:
>> > I share Doug's concerns but would state some more strongly. IMO, it is
>> > simply unacceptable to modify user-visible behavior based on whether
>> some
>> > package that happens to be used in an implementation is installed or
>> not.
>> > This package is installed on Ubuntu by default and may be used by other
>> > applications that have nothing to do with OpenStack at all.
>>
>> Yes, as python-keyring is installed in almost all systems, the
>> behaviour is unchanged.
>>
>> > If we really want to go down this road there should be an environment
>> > variable that can be set to turn off this behavior for applications
>> that do
>> > not want it.
>>
>> David, good point. I'll revise the patch to not use keyring, if
>> environment variable USE_KEYRING=0. If environment variable is not set
>> or if it is USE_KEYRING=1, then keyring is used to store password.
>>
>
> How about OS_USE_KEYRING so it is clearer that the variable is related to
> openstack?
>

Just to close the loop ...

Doug, thank you for all the review comments. The patch to store encrypted
password in keyring, for openstackclient, is merged today: I''ll extend
this feature to other clients that prompt for password, like keystoneclient.
  https://review.openstack.org/#/c/9497/

It's also documented here:
  http://wiki.openstack.org/KeyringSupport
-- 
Regards,
Bhuvaneswaran A
www.livecipher.com

References