[openstack-dev] Service password storage

Clint Byrum clint at fewbar.com
Mon Jan 11 18:05:34 UTC 2016

Excerpts from Levin's message of 2016-01-11 02:37:09 -0800:
> Dear openstack developers,
> I installed openstack via devstack recently, and I found out that the
> admin passwords for services like cinder and nova are stored in plain
> text in their /etc/*/*.conf files. These files are rw--r--r-- by
> default, which I believe to be a pretty serious security risk. Is this
> intended, and/or configurable pre-install?

As others stated, devstack is not for production. For production there
are many methods, these are all developed in the OpenStack "big tent":

Ansible - http://git.openstack.org/cgit/openstack/openstack-ansible
Chef - https://wiki.openstack.org/wiki/Chef/GettingStarted
Fuel - https://wiki.openstack.org/wiki/Fuel
Puppet Modules - https://wiki.openstack.org/wiki/Puppet
TripleO - https://wiki.openstack.org/wiki/TripleO

And there are others whose development happens outside the openstack

More information about the OpenStack-dev mailing list