Hi all, In order to add registry v2 to bay nodes[1], authentication information is needed for the registry to upload and download files from swift. The swift storage-driver in registry now needs the parameters as described in [2]. User password is needed. How can we get the password? 1. Let user pass password in baymodel-create. 2. Use user token to get password from keystone Is it suitable to store user password in db? It may be insecure to store password in db and expose it to user in a config file even if the password is encrypted. Heat store user password in db before, and now change to keystone trust[3]. But if we use keystone trust, the swift storage-driver does not support it. If we use trust, we expose magnum user's credential in a config file, which is also insecure. Is there a secure way to implement this bp? [1] https://blueprints.launchpad.net/magnum/+spec/registryv2-in-master [2] https://github.com/docker/distribution/blob/master/docs/storage-drivers/swift.md [3] https://wiki.openstack.org/wiki/Keystone/Trusts Regards, Wanghua -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150813/0ea8f9ac/attachment.html>