This is something that we’ve been discussing with some of our users, but haven’t yet made any progress. Is there anyone on the list who has developed a solution for this?
From: Sean Mooney <smooney@redhat.com>
Date: Monday, 17 November 2025 at 08:39
To: Ricardo Cano <ledsole@gmail.com>, openstack-discuss@lists.openstack.org <openstack-discuss@lists.openstack.org>
Subject: Re: [nova][keystone] Machine identities
the short answer is no.
the slightly longer anaswer is there has been some experimets with
issuign jwt tokens but
nothing was ever upstreamed.
the topic of having a way to securely pass a application credital or
bootstrap token has beed raised
in the past but no won has really presented a compelling end to end
approch or worked to enable that upstream.
im sure some folks have developed exteions via vendor dat or other means
in private clouds or have workflows for this
it just is not supported out of hte box
On 17/11/2025 02:08, Ricardo Cano wrote:
> Hey guys,
>
> I was wondering if openstack had an equivalent to Azure's managed
> identities or AWS's IAM roles for ec2 to give vm's the ability to
> interact with the api. Are there any existing patterns that people
> are using for this?
>
>
> Thanks!
>