On 2025-10-14 09:10:19 +0100 (+0100), Sean Mooney wrote: [...]
long term i would like to remove the keypair api form nova entirly and add it to keystone.
in my dream world keystone user would have keypair registered and you woudl be able to use an ssh key to auth to keystone to get a token.
nova would also supprot using the same keyapir form keyston to inject into the instance as we do today via cloud init but it would not be stored in nova anymore. [...]
And also ideally rename it. The term "keypair" was accurate when Nova was generating both halves of the key, but what the API (and documentation) calls a keypair now is really just a public key digest used to verify that the user has possession of the corresponding private key. OpenSSH keeps them in a file called "authorized_keys" so something like "sshauthkey" might make sense.</bikeshed> -- Jeremy Stanley