[security][barbican][manila] hiding back end and service user credentials
tpb at dyncloud.net
Fri Mar 1 16:13:40 UTC 2019
In manila -- and so far as I can tell, other projects -- service user
and back end (storage devices, security service) credentials appear
plaintext in configuration files and in database tables. These are
not accessible to ordinary OpenStack users but some cloud deployers
nonetheless have concerns about this exposure and have asked us to
tighten things up.
So I want to check for best practices from other projects. I doubt
this is a manila-specific concern -- e.g. is barbican already being
used today by some projects to protect information of this sort?
-- Tom Barron
More information about the openstack-discuss