[security][barbican][manila] hiding back end and service user credentials

Tom Barron tpb at dyncloud.net
Fri Mar 1 16:13:40 UTC 2019

In manila -- and so far as I can tell, other projects -- service user
and back end (storage devices, security service) credentials appear 
plaintext in configuration files and in database tables.  These are 
not accessible to ordinary OpenStack users but some cloud deployers 
nonetheless have concerns about this exposure and have asked us to 
tighten things up.

So I want to check for best practices from other projects.  I doubt 
this is a manila-specific concern -- e.g. is barbican already being 
used today by some projects to protect information of this sort?


-- Tom Barron

More information about the openstack-discuss mailing list