I feel like this is pretty strongly out of scope. Applications that need
to talk to databases that require passwords need access to those
passwords in plain text. While we could do obfuscation, it doesn't
really address the issue, it just makes you think you addressed it.
Honestly better to leave things clear so people rightly understand that
a compromise of that file means all bets are off.
** Changed in: nova
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1158328
Title:
passwords in config files stored in plaintext
Status in OpenStack Compute (Nova):
Won't Fix
Bug description:
The credentials for database conenctions and the keystone authtoken
are stored in plaintext within the nova.conf and apipaste config
files.
These values should be encrypted. A scheme similar to /etc/shadow
would be great.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1158328/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
