There is a support for splitting configuration into clouds.yaml and secret.yaml (read the SDK documentation for details on that). This way you can keep clouds.yaml without username and password to be able to share it freely.

Artem

On Wed, Jul 12, 2023, 05:12 Tony Breeds <tony@bakeyournoodle.com> wrote:
On Tue, 11 Jul 2023 at 22:02, Gk Gk <ygk.kmr@gmail.com> wrote:
>
> Hi All,
>
> If I use the openstacksdk to connect to an openstack cloud, I have to use clouds.yaml file for
> specifying the cloud configuration which includes username and password as well. Since its a plain text file, how can I mask the password mentioned in clouds.yaml file for security purposes?

You can also create and use a token for authentication.
-=-=-=-=-=-=-
$ openstack \
            --os-auth-url "$OS_AUTH_URL" \
            --os-user-domain-name "<<REDACTED>>" \
            --os-region-name "regionOne" \
            --os-interface "public" \
            --os-identity-api-version 3 \
            --os-project-name "$OS_PROJECT_NAME" \
            --os-username "$OS_USERNAME" \
            --os-project-domain-id "$OS_PROJECT_DOMAIN_ID" \
            --os-password "$OS_PASSWORD" \
                token issue -f value -c id
$ cat ~/.config/openstack/clouds.yaml
---
clouds:
  openstack:
    auth_type: "token"
    auth:
      token: "<<REDACTED>>"
      auth_url: "<<REDACTED>>"
      project_id: "<<REDACTED>>"
      etc etc etc
-=-=-=-=-=-=-

You will need to generate the token regularly, but it does avoid
having the plain text password on disk.

Yours Tony.