[openstack-dev] [TripleO][Tuskar] Dealing with passwords in Tuskar-API

Dougal Matthews dougal at redhat.com
Wed Feb 19 17:29:32 UTC 2014


On 19/02/14 17:10, Ladislav Smola wrote:
> Hello,
>
> I would like to have your opinion about how to deal with passwords in
> Tuskar-API
>
> The background is that tuskarAPI is storing heat template parameters in
> its database, it's a
> preparation for more complex workflows, when we will need to store the
> data before the actual
> heat stack-create.
>
> So right now, the state is unacceptable, we are storing sensitive
> data (all the heat passwords and keys)
> in a raw form in the TuskarAPI database. That is wrong, right?

I agree, this situation needs to change.

I'm +1 for not storing the passwords if we can avoid it. This would 
apply to all situations and not just Tuskar.

The question for me is what passwords will we have and when do we need
them? Are any of the passwords required long term?

If we do need to store passwords it becomes a somewhat thorny issue: how
does Tuskar know what a password is? If this is flagged up by the
UI/client then we are relying on the user to tell us, which isn't wise.


