[openstack-dev] Move keypair management out of Nova and into Keystone?

Jay Pipes jaypipes at gmail.com
Mon Jul 1 15:47:59 UTC 2013

Recently a colleague asked me whether their key pair from one of our 
deployment zones would be usable in another deployment zone. His 
identity credentials are shared between the two zones (we use a shared 
identity database) and was wondering if the key pairs were also shared.

I responded that no, they were not, because Nova, not Keystone, manages 
key pairs. But that got me thinking.... is it time to change this?

Key pairs really are an element of identity/authentication, and not 
specific to OpenStack Compute. Has there been any talk of moving the key 
pair management API out of Nova and into Keystone?


More information about the OpenStack-dev mailing list