[openstack-dev] [TripleO][Tuskar] Dealing with passwords in Tuskar-API

Jason Rist jrist at redhat.com
Wed Feb 19 18:29:18 UTC 2014


On Wed 19 Feb 2014 10:29:32 AM MST, Dougal Matthews wrote:
> On 19/02/14 17:10, Ladislav Smola wrote:
>> Hello,
>>
>> I would like to have your opinion about how to deal with passwords in
>> Tuskar-API.
>>
>> The background is that Tuskar-API is storing Heat template parameters
>> in its database; it's a preparation for more complex workflows, when
>> we will need to store the data before the actual heat stack-create.
>>
>> So right now, the state is unacceptable: we are storing sensitive
>> data (all the Heat passwords and keys) in a raw form in the
>> Tuskar-API database. That is wrong, right?
>
> I agree, this situation needs to change.
>
> I'm +1 for not storing the passwords if we can avoid it. This would
> apply to all situations and not just Tuskar.
>
> The question for me is: what passwords will we have and when do we
> need them? Are any of the passwords required long term?
>
> If we do need to store passwords, it becomes a somewhat thorny issue:
> how does Tuskar know what a password is? If this is flagged up by the
> UI/client, then we are relying on the user to tell us, which isn't wise.

Would it be possible to create some token for use throughout? Forgive 
my naivete.

--
Jason E. Rist
Senior Software Engineer
OpenStack Management UI
Red Hat, Inc.
+1.720.256.3933
Freenode: jrist
github/identi.ca: knowncitizen
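
Added example, not part of the original thread or of Tuskar's code: one way to decide which parameters are sensitive without relying on the UI/client is to read the flag the Heat template itself carries (`hidden: true` in HOT, `NoEcho` in CFN-style templates) and keep those values out of the database. The template, the values and the helper names below are constructed for illustration.

```python
# Constructed sample: a parsed Heat template (as a dict) and user-supplied values.
SAMPLE_TEMPLATE = {
    "heat_template_version": "2013-05-23",
    "parameters": {
        "admin_password": {"type": "string", "hidden": True},
        "ssh_private_key": {"type": "string", "hidden": "true"},
        "image_name": {"type": "string", "default": "example-image"},
        "instance_count": {"type": "number", "default": 1},
    },
}
SAMPLE_VALUES = {
    "admin_password": "constructed-secret",
    "ssh_private_key": "constructed-key-material",
    "image_name": "example-image",
    "instance_count": 3,
    "debug_token": "constructed-undeclared-value",  # not declared in the template
}


def _flag(value):
    # CFN-style templates often write NoEcho as the string "true".
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return bool(value)


def declared_parameters(template):
    # HOT uses "parameters"; CFN-style templates use "Parameters".
    return template.get("parameters") or template.get("Parameters") or {}


def sensitive_names(template):
    """Names the template author marked as hidden (HOT) or NoEcho (CFN)."""
    return {name for name, spec in declared_parameters(template).items()
            if _flag(spec.get("hidden")) or _flag(spec.get("NoEcho"))}


def split_for_storage(template, values):
    """Return (storable, withheld); only `storable` should reach the database."""
    declared = declared_parameters(template)
    hidden = sensitive_names(template)
    storable, withheld = {}, {}
    for name, value in values.items():
        # Fail closed: a value for an undeclared parameter is treated as sensitive.
        if name in hidden or name not in declared:
            withheld[name] = value
        else:
            storable[name] = value
    return storable, withheld
```

The withheld values would have to be supplied again at stack-create time, or held in a dedicated secret store, rather than persisted alongside the other parameters.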


