[openstack-dev] [keystone][middleware]: Use encrypted password in the service conf file

Lance Bragstad lbragstad at gmail.com
Wed Oct 11 14:16:58 UTC 2017


This sounds like something that was discussed during the PTG. The oslo
team was exploring ways to implement this, which would be consumable to
keystonemiddleware as a library [0].

[0] https://etherpad.openstack.org/p/oslo-ptg-queens

On 10/11/2017 07:43 AM, pnkk wrote:
> Hi,
>
> We have our API server(based on pyramid) integrated with keystone for
> AuthN/AuthZ.
> So our service has a *.conf file which has [keystone_authtoken]
> section that defines all the stuff needed for registering to keystone.
>
> WSGI pipeline will first get filtered with keystone auth token and
> then get into our application functionality.
>
> Now as part of hardening, we want to save an encrypted password(admin
> password) in the conf file.
> Where should I put the decryption logic so it gets passed to the
> middleware in the needed format?
>
> Appreciate your help!
>
> Thanks,
> Kanthi
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171011/a61c22a1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171011/a61c22a1/attachment.sig>


More information about the OpenStack-dev mailing list