[openstack-dev] [TripleO][Tuskar] Dealing with passwords in Tuskar-API

Dougal Matthews dougal at redhat.com
Thu Feb 20 10:46:51 UTC 2014


On 20/02/14 10:36, Radomir Dopieralski wrote:
> On 20/02/14 11:21, Dougal Matthews wrote:
>> If we do store passwords however, I wonder if we are
>> best to encrypt everything to be safe. The overhead shouldn't be that
>> big and it may be better than special casing the "NoEcho" values.
>
> I think that before we start encrypting everything, we need to ask
> ourselves the question about system boundaries and about what we are
> protecting from what. Otherwise we will end up with ridiculous things
> like encrypting the passwords and storing the decryption key right in
> the same place. In other words, this has to be designed.

Absolutely. I couldn't agree more and hope I didn't suggest otherwise :)



