<div dir="ltr">Hey OpenStack peeps!<div><br></div><div>Most of the .conf files within OpenStack contain credentials and/or token IDs that allow services to talk to each other. And interestingly, I have not found a way to obfuscate this data from system admins who do not need the keys to the entire kingdom.<div>
<br></div><div>Is there a best practice I'm unaware of that addresses where credentials are stored and who can access them? Most system admins have root or sudo access to /etc/program/program.conf and having access to credentials that give them that level of power seems like either a bug or an oversight (or evidence I'm a bigger dumbass than I thought).</div>
<div><br></div><div>Can the credentials used by services such as Swift, Keystone, etc. be protected? How are folks currently protecting their installations while allowing low-level admins to do their work? Does OpenStack support ESSO or at least the option to encrypt these files somehow? Seems like an audit issue to me.</div>
<div><br></div><div>Mahalo,</div><div>Adam</div><div><br clear="all"><div><div dir="ltr"><div><font><div style="font-family:arial;font-size:small"><b><i><br>Adam Lawson</i></b></div><div><font><font color="#666666" size="1"><div style="font-family:arial;font-size:small">
AQORN, Inc.</div><div style="font-family:arial;font-size:small">427 North Tatnall Street</div><div style="font-family:arial;font-size:small">Ste. 58461</div><div style="font-family:arial;font-size:small">Wilmington, Delaware 19801-2230</div>
<div style="font-family:arial;font-size:small">Toll-free: (888) 406-7620</div></font></font></div></font></div><div style="font-family:arial;font-size:small"><img src="http://www.aqorn.com/images/logo.png" width="96" height="39"><br>
</div></div></div>
</div></div></div>