[Openstack-security] [Bug 1158328] Re: passwords in config files stored in plaintext

Daniël W. Crompton daniel.crompton at gmail.com
Tue Mar 4 09:59:09 UTC 2014


A shadow-like password wouldn't be possible, as it needs to be reversible.
And as it's reversible, anybody with access to the file would be able to
reverse it with the encryption scheme, making it security by obscurity.

This could probably best be solved with something like a PKCS#7 key
exchange, although this would be a little more work.

D.
On Mar 4, 2014 10:35 AM, "Matt Fischer" <matt at mattfischer.com> wrote:

> I see this bug is old and Wishlisted so it may never get fixed, but I'd
> like to add that plaintext passwords are generally a no-no when the
> service account auth is managed by Corporate AD or LDAP. It may
> complicate some deployments but it would be nice to have a solution to
> this.
>
> --
> You received this bug notification because you are a member of OpenStack
> Security Group, which is subscribed to OpenStack.
> https://bugs.launchpad.net/bugs/1158328
>
> Title:
>   passwords in config files stored in plaintext
>
> Status in OpenStack Compute (Nova):
>   Confirmed
>
> Bug description:
>   The credentials for database connections and the keystone authtoken
>   are stored in plaintext within the nova.conf and apipaste config
>   files.
>
>   These values should be encrypted.  A scheme similar to /etc/shadow
>   would be great.