[openstack-dev] [TripleO][Tuskar] Dealing with passwords in Tuskar-API
Dougal Matthews
dougal at redhat.com
Thu Feb 20 10:21:59 UTC 2014
On 20/02/14 09:12, Radomir Dopieralski wrote:
>> If we do need to store passwords it becomes a somewhat thorny issue, how
>> does Tuskar know what a password is? If this is flagged up by the
>> UI/client then we are relying on the user to tell us which isn't wise.
>
> All the template parameters that are passwords are marked in the Heat
> parameter list that we get from it as "NoEcho": "true", so we do have an
> idea about which parts are sensitive.
Right, that's good to know. I think Ladislav mentioned this to me but
it didn't click. If we do store passwords however, I wonder if we are
best to encrypt everything to be safe. The overhead shouldn't be that
big and it may be better than special casing the "NoEcho" values.
More information about the OpenStack-dev
mailing list