Need help
Tony Breeds
tony at bakeyournoodle.com
Wed Jul 12 04:09:03 UTC 2023
On Tue, 11 Jul 2023 at 22:02, Gk Gk <ygk.kmr at gmail.com> wrote:
>
> Hi All,
>
> If I use the openstacksdk to connect to an openstack cloud, I have to use clouds.yaml file for
> specifying the cloud configuration which includes username and password as well. Since its a plain text file, how can I mask the password mentioned in clouds.yaml file for security purposes?
You can also create and use a token for authentication.
-=-=-=-=-=-=-
$ openstack \
--os-auth-url "$OS_AUTH_URL" \
--os-user-domain-name "<<REDACTED>>" \
--os-region-name "regionOne" \
--os-interface "public" \
--os-identity-api-version 3 \
--os-project-name "$OS_PROJECT_NAME" \
--os-username "$OS_USERNAME" \
--os-project-domain-id "$OS_PROJECT_DOMAIN_ID" \
--os-password "$OS_PASSWORD" \
token issue -f value -c id
$ cat ~/.config/openstack/clouds.yaml
---
clouds:
openstack:
auth_type: "token"
auth:
token: "<<REDACTED>>"
auth_url: "<<REDACTED>>"
project_id: "<<REDACTED>>"
etc etc etc
-=-=-=-=-=-=-
You will need to generate the token regularly, but it does avoid
having the plain text password on disk.
Yours Tony.
More information about the openstack-discuss
mailing list