← Back to team overview

openstack team mailing list archive

Re: Keyring support in openstack

 

On Mon, Jul 30, 2012 at 5:48 PM, Adam Young <ayoung@xxxxxxxxxx> wrote:

>  On 07/30/2012 06:00 PM, Doug Hellmann wrote:
>
>
>
> On Mon, Jul 30, 2012 at 5:30 PM, Adam Young <ayoung@xxxxxxxxxx> wrote:
>
>> On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote:
>>
>>> On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:
>>>
>>>>  The wiki mentions the password being saved using
>>>>> keyring.backend.UncryptedFileKeyring. Does that mean the password is
>>>>>
>>>> saved
>>>>
>>>>> in cleartext? Is the file protected in some way besides filesystem
>>>>> permissions?
>>>>>
>>>> As mentioned in wiki page, the password is stored in base64 format.
>>>>
>>> Which means it's stored in cleartext.  That is Not Good(tm) :)
>>>
>>  Can Keyring be used to store a token instead?  That would A)  be better
>> than password and B)  avoid a Keystone hit.
>
>
>  Don't tokens expire?
>
>
>
> Yes, they do, but that is no reason not to put them in the keyring,
>
> With the PKI tokens,  you will be able to query a token's expiry without
> going across the wire.
>

Adam, can you please file a ticket to use keyring to store tokens for
keystone? I'll work on it.
-- 
Regards,
Bhuvaneswaran A
www.livecipher.com

Follow ups

References