Open Stack

Hello, oslo team

For now, some sensitive options like password or token are configured as
plaintext, anyone who has the priviledge to read the configure file can get
the real password, this may be a security problem that can't be
unacceptable for some people.

So the first solution comes to my mind is to encrypt these options when
configuring them and decrypt them when reading them in oslo.config. This is
a bit like apache/openldap did, but the difference is these softwares do a
salt hash to the password, this is a one-way encryption that can't be
decrypted, these softwares can recognize the hashed value. But if we do
this work in oslo.config, for example the admin_password in
keystone_middleware section, we must feed the keystone with the plaintext
password which will be hashed in keystone to compare with the stored hashed
password, thus the encryped value in oslo.config must be decryped to
plaintext. So we should encrypt these options using symmetrical or
unsymmetrical method with a key, and put the key in a well secured place,
and decrypt them using the same key when reading them.

Of course, this feature should be default closed. Any ideas?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160426/0e70d064/attachment.html>