[openstack-dev] [TripleO][Tuskar] Dealing with passwords in Tuskar-API

Radomir Dopieralski openstack at sheep.art.pl
Thu Feb 20 10:36:05 UTC 2014


On 20/02/14 11:21, Dougal Matthews wrote:
> If we do store passwords however, I wonder if we are
> best to encrypt everything to be safe. The overhead shouldn't be that
> big and it may be better than special casing the "NoEcho" values.

I think that before we start encrypting everything, we need to ask
ourselves the question about system boundaries and about what we are
protecting from what. Otherwise we will end up with ridiculous things
like encrypting the passwords and storing the decryption key right in
the same place. In other words, this has to be designed.
-- 
Radomir Dopieralski




