[openstack-dev] Move keypair management out of Nova and into Keystone?

Russell Bryant rbryant at redhat.com
Mon Jul 1 16:02:14 UTC 2013

On 07/01/2013 11:47 AM, Jay Pipes wrote:
> Recently a colleague asked me whether their key pair from one of our
> deployment zones would be usable in another deployment zone. His
> identity credentials are shared between the two zones (we use a shared
> identity database) and was wondering if the key pairs were also shared.
> I responded that no, they were not, because Nova, not Keystone, manages
> key pairs. But that got me thinking.... is it time to change this?
> Key pairs really are an element of identity/authentication, and not
> specific to OpenStack Compute. Has there been any talk of moving the key
> pair management API out of Nova and into Keystone?

I haven't heard any talk about it, but it does seem to make sense.

Russell Bryant

More information about the OpenStack-dev mailing list