Hi all,

I have deployed an OpenStack environment using Kolla Ansible. I'm looking for a way to avoid storing service passwords (e.g., database, keystone, etc.) in clear text inside the configuration files.

Is there any recommended method to integrate Barbican and Castellan so that services like Nova, Keystone, or Cinder can fetch secrets securely during runtime using oslo.config?

If not natively supported, are there best practices or known workarounds for achieving this securely in a Kolla-based deployment?

Thanks in advance!