This sounds like something that was discussed during the PTG. The oslo team was exploring ways to implement this, which would be consumable to keystonemiddleware as a library [0]. [0] https://etherpad.openstack.org/p/oslo-ptg-queens On 10/11/2017 07:43 AM, pnkk wrote: > Hi, > > We have our API server(based on pyramid) integrated with keystone for > AuthN/AuthZ. > So our service has a *.conf file which has [keystone_authtoken] > section that defines all the stuff needed for registering to keystone. > > WSGI pipeline will first get filtered with keystone auth token and > then get into our application functionality. > > Now as part of hardening, we want to save an encrypted password(admin > password) in the conf file. > Where should I put the decryption logic so it gets passed to the > middleware in the needed format? > > Appreciate your help! > > Thanks, > Kanthi > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171011/a61c22a1/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171011/a61c22a1/attachment.sig>