On Tue, 11 Jul 2023 at 22:02, Gk Gk <ygk.kmr@gmail.com> wrote:
Hi All,
If I use the openstacksdk to connect to an openstack cloud, I have to use clouds.yaml file for specifying the cloud configuration which includes username and password as well. Since its a plain text file, how can I mask the password mentioned in clouds.yaml file for security purposes?
You can also create and use a token for authentication. -=-=-=-=-=-=- $ openstack \ --os-auth-url "$OS_AUTH_URL" \ --os-user-domain-name "<<REDACTED>>" \ --os-region-name "regionOne" \ --os-interface "public" \ --os-identity-api-version 3 \ --os-project-name "$OS_PROJECT_NAME" \ --os-username "$OS_USERNAME" \ --os-project-domain-id "$OS_PROJECT_DOMAIN_ID" \ --os-password "$OS_PASSWORD" \ token issue -f value -c id $ cat ~/.config/openstack/clouds.yaml --- clouds: openstack: auth_type: "token" auth: token: "<<REDACTED>>" auth_url: "<<REDACTED>>" project_id: "<<REDACTED>>" etc etc etc -=-=-=-=-=-=- You will need to generate the token regularly, but it does avoid having the plain text password on disk. Yours Tony.