yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1158328] Re: passwords in config files stored in plaintext

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sean Dague <sean@xxxxxxxxx>
Date: Wed, 03 Sep 2014 20:14:05 -0000
Reply-to: Bug 1158328 <1158328@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I feel like this is pretty strongly out of scope. Applications that need
to talk to databases that require passwords need access to those
passwords in plain text. While we could do obfuscation, it doesn't
really address the issue, it just makes you think you addressed it.
Honestly better to leave things clear so people rightly understand that
a compromise of that file means all bets are off.

** Changed in: nova
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1158328

Title:
  passwords in config files stored in plaintext

Status in OpenStack Compute (Nova):
  Won't Fix

Bug description:
  The credentials for database conenctions and the keystone authtoken
  are stored in plaintext within the nova.conf and apipaste config
  files.

  These values should be encrypted.  A scheme similar to /etc/shadow
  would be great.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1158328/+subscriptions