[Openstack-operators] Keyring support

Adam Young ayoung at redhat.com
Tue Jul 9 00:37:10 UTC 2013


On 07/08/2013 11:05 AM, Robert van Leeuwen wrote:
>>> I see with Grizzly that keyring support is now included.
>> It's my understanding that the keyring is used to store/cache the
>> Keystone token, rather than the username/password.
That is correct.
> I would also very much appreciate this feature.
>
> Struggling with the same problem over here.
> It is pretty trivial to setup a script to get credentials from the keyring and put it in the environment. (e.g. OS_USERNAME)
> However it is still not really secure because the password will be in plaintext readable in the environment of the shell.
> Integrating keychain support into the tools would be really nice :)
>
> Cheers,
> Robert van Leeuwen
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
We are working on more secure client access.  Ideally, we will support 
Kerberos and X509 Client certificates for all operations, but that is a 
long term goal.

We do have this blueprint: 
https://blueprints.launchpad.net/python-keystoneclient/+spec/consolidate-cli-auth
   Which we hope to integrate into the common client.



More information about the OpenStack-operators mailing list