Need help
Artem Goncharov
artem.goncharov at gmail.com
Wed Jul 12 07:59:27 UTC 2023
There is a support for splitting configuration into clouds.yaml and
secret.yaml (read the SDK documentation for details on that). This way you
can keep clouds.yaml without username and password to be able to share it
freely.
Artem
On Wed, Jul 12, 2023, 05:12 Tony Breeds <tony at bakeyournoodle.com> wrote:
> On Tue, 11 Jul 2023 at 22:02, Gk Gk <ygk.kmr at gmail.com> wrote:
> >
> > Hi All,
> >
> > If I use the openstacksdk to connect to an openstack cloud, I have to
> use clouds.yaml file for
> > specifying the cloud configuration which includes username and password
> as well. Since its a plain text file, how can I mask the password mentioned
> in clouds.yaml file for security purposes?
>
> You can also create and use a token for authentication.
> -=-=-=-=-=-=-
> $ openstack \
> --os-auth-url "$OS_AUTH_URL" \
> --os-user-domain-name "<<REDACTED>>" \
> --os-region-name "regionOne" \
> --os-interface "public" \
> --os-identity-api-version 3 \
> --os-project-name "$OS_PROJECT_NAME" \
> --os-username "$OS_USERNAME" \
> --os-project-domain-id "$OS_PROJECT_DOMAIN_ID" \
> --os-password "$OS_PASSWORD" \
> token issue -f value -c id
> $ cat ~/.config/openstack/clouds.yaml
> ---
> clouds:
> openstack:
> auth_type: "token"
> auth:
> token: "<<REDACTED>>"
> auth_url: "<<REDACTED>>"
> project_id: "<<REDACTED>>"
> etc etc etc
> -=-=-=-=-=-=-
>
> You will need to generate the token regularly, but it does avoid
> having the plain text password on disk.
>
> Yours Tony.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230712/4e3874e4/attachment.htm>
More information about the openstack-discuss
mailing list