We use Kerberos and X.509 in Keystone V3 for the end users. It works very nicely (although the python client-* CLIs often do not support it so you have to use the openstack OSC CLI) Tim From: Mike Smith <mismith at overstock.com<mailto:mismith at overstock.com>> Date: Wednesday 23 March 2016 at 16:28 To: openstack <openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>> Subject: Re: [Openstack] password in clear text Piggybacking on this question, I also would like to know if there is a solution to prevent storing passwords in the various service config files. We store our configs in subversion, and I hate that I have those passwords in there. Mike Smith Lead Cloud Systems Architect Overstock.com<http://Overstock.com> On Mar 23, 2016, at 9:04 AM, Jagga Soorma <jagga13 at gmail.com<mailto:jagga13 at gmail.com>> wrote: Hi Guys, Currently when using the openstack api I have to save my password in clear text in the OS_PASSWORD environment variable. Is there a more secure way to use the openstack api without having to either store this password in clear text or enter the password manually every time I run a openstack command? Is there some way that I can use a token id? I have tried but can't seem to get it to work and not sure what else is possible. Thanks in advance for your help with this. _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160323/2654a36f/attachment.html>