[sdks][security-sig] Protecting client password (was: Need help)

Jeremy Stanley fungi at yuggoth.org
Wed Jul 12 12:07:45 UTC 2023


On 2023-07-12 13:55:06 +0530 (+0530), Gk Gk wrote:
> Is the file secret.yaml encrypted or plain text ?
[...]

It's plain text, but you could for example LUKS mount an encrypted
file on a loopback and store it inside that. The bigger question is,
if you encrypt the file with your password in it, then where do you
safely store the decryption key? Without knowing more about your use
case, it sounds like you're back to the same problem you had with
the password.

If you're only using the software interactively anyway then just
don't put the password in your configuration, enter it when prompted
instead. You can also supply it as an environment variable
(OS_PASSWORD) or command line argument (--os-password) if you don't
want to be prompted but also don't want to put it in your
configuration.
-- 
Jeremy Stanley
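
An added example, not part of the original message and not OpenStack project code: a small launcher that takes the password from a no-echo prompt (or from OS_PASSWORD if it is already set) and hands it to a child command only through that child's environment, so it is never written to a configuration file. The function names are hypothetical; refusing --os-password is this example's own choice, made because command-line arguments are visible in process listings.

```python
import getpass
import os
import subprocess
import sys


def resolve_password(environ, prompt=getpass.getpass):
    """Use OS_PASSWORD if already set, otherwise prompt without echo."""
    password = environ.get("OS_PASSWORD")
    if password:
        return password
    password = prompt("OpenStack password: ")
    if not password:
        raise ValueError("empty password")
    return password


def refuse_password_in_argv(argv):
    """Reject --os-password: argv can be read from the process list."""
    for arg in argv:
        if arg == "--os-password" or arg.startswith("--os-password="):
            raise ValueError("supply the password via prompt or OS_PASSWORD")
    return list(argv)


def build_child_env(environ, password):
    """Copy the environment; only the copy carries OS_PASSWORD."""
    env = dict(environ)
    env["OS_PASSWORD"] = password
    return env


def run(argv, environ=os.environ, prompt=getpass.getpass):
    """Run argv with OS_PASSWORD set for the child process only."""
    cmd = refuse_password_in_argv(argv)
    env = build_child_env(environ, resolve_password(environ, prompt))
    return subprocess.run(cmd, env=env).returncode


if __name__ == "__main__":
    # Example: python os_run.py openstack server list
    sys.exit(run(sys.argv[1:]))
```

The password lives in the launcher's memory and the child's environment for the duration of the command; the calling shell's environment and history are untouched.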