Re: [Openstack] New build dependency on keyring

2012-12-13 Thread Thierry Carrez
Ken Thomas wrote: Greetings all! I'm looking into using keyring as a way to (optionally) remove clear text passwords from the various config files. (See https://blueprints.launchpad.net/oslo/+spec/pw-keyrings for details.) [...] This is a development topic, a better fit for the openstack-dev

Re: [Openstack] New build dependency on keyring

2012-12-13 Thread Ken Thomas
Hey Sam, Keyring is already in the distros? So I can go ahead and add it as a hard dependency to the build when I get this in? About your question... The basic idea is that you can define config keys as 'secure', and *if* you provide a 'secure_source', then cfg.py will use *your* code to get

Re: [Openstack] New build dependency on keyring

2012-12-13 Thread Joshua Harlow
At some point a clear-text password will show up, but that doesn't require said password to always be in clear-text. Think of a remote system that provides said passwords and authenticates the system asking for said password using some private/public key authentication that can be easily revoked

Re: [Openstack] New build dependency on keyring

2012-12-13 Thread Joshua Harlow
+ Openstack-dev On 12/13/12 10:05 AM, Joshua Harlow harlo...@yahoo-inc.com wrote: At some point a clear-text password will show up, but that doesn't require said password to always be in clear-text. Think of a remote system that provides said passwords and authenticates the system asking for

Re: [Openstack] New build dependency on keyring

2012-12-13 Thread Joshua Harlow
+ The right openstack-dev, haha On 12/13/12 10:06 AM, Joshua Harlow harlo...@yahoo-inc.com wrote: + Openstack-dev On 12/13/12 10:05 AM, Joshua Harlow harlo...@yahoo-inc.com wrote: At some point a clear-text password will show up, but that doesn't require said password to always be in

[Openstack] New build dependency on keyring

2012-12-12 Thread Ken Thomas
Greetings all! I'm looking into using keyring as a way to (optionally) remove clear text passwords from the various config files. (See https://blueprints.launchpad.net/oslo/+spec/pw-keyrings for details.) One of the comments I got back is that I should have the oslo build dependency on keyring

Re: [Openstack] New build dependency on keyring

2012-12-12 Thread Sam Morrison
My question is what does this extra dependency give us apart from extra complexity? I can't see any enhancement in security with this method? Cheers, Sam On 13/12/2012, at 4:44 AM, Ken Thomas k...@yahoo-inc.com wrote: Greetings all! I'm looking into using keyring as a way to (optionally)

Re: [Openstack] New build dependency on keyring

2012-12-12 Thread Ken Thomas
The short answer is that it gives you extra security... if you wish to use it. If you're fine with relying on the file permission of nova.conf, glance.conf, etc. to keep any baddies from seeing the clear text passwords in there, then you're right, it doesn't give you anything. If, on the

Re: [Openstack] New build dependency on keyring

2012-12-12 Thread Sam Morrison
Hi Ken, Yeah OK I agree it doesn't make it that much more complex as long as the dependency is packaged in the distros, which it is. I'm still a little confused though. If nova needs a clear text password to be able to talk to the DB for example then it's going to be needing to access this