[openstack-dev] Move keypair management out of Nova and into Keystone?

Monty Taylor mordred at inaugust.com
Mon Jul 1 16:13:39 UTC 2013

On 07/01/2013 09:02 AM, Russell Bryant wrote:
> On 07/01/2013 11:47 AM, Jay Pipes wrote:
>> Recently a colleague asked me whether their key pair from one of our
>> deployment zones would be usable in another deployment zone. His
>> identity credentials are shared between the two zones (we use a shared
>> identity database) and he was wondering if the key pairs were also shared.
>> I responded that no, they were not, because Nova, not Keystone, manages
>> key pairs. But that got me thinking... is it time to change this?
>> Key pairs really are an element of identity/authentication, and not
>> specific to OpenStack Compute. Has there been any talk of moving the key
>> pair management API out of Nova and into Keystone?
> I haven't heard any talk about it, but it does seem to make sense.

I agree. As a person who regularly uses multiple zones of several
clouds, needing to upload my keypair to each of them is, well, weird.

