Need help
Gk Gk
ygk.kmr at gmail.com
Wed Jul 12 08:25:06 UTC 2023
Is the file secret.yaml encrypted or plain text ?
On Wed, Jul 12, 2023 at 1:29 PM Artem Goncharov <artem.goncharov at gmail.com>
wrote:
> There is a support for splitting configuration into clouds.yaml and
> secret.yaml (read the SDK documentation for details on that). This way you
> can keep clouds.yaml without username and password to be able to share it
> freely.
>
> Artem
>
> On Wed, Jul 12, 2023, 05:12 Tony Breeds <tony at bakeyournoodle.com> wrote:
>
>> On Tue, 11 Jul 2023 at 22:02, Gk Gk <ygk.kmr at gmail.com> wrote:
>> >
>> > Hi All,
>> >
>> > If I use the openstacksdk to connect to an openstack cloud, I have to
>> use clouds.yaml file for
>> > specifying the cloud configuration which includes username and password
>> as well. Since its a plain text file, how can I mask the password mentioned
>> in clouds.yaml file for security purposes?
>>
>> You can also create and use a token for authentication.
>> -=-=-=-=-=-=-
>> $ openstack \
>> --os-auth-url "$OS_AUTH_URL" \
>> --os-user-domain-name "<<REDACTED>>" \
>> --os-region-name "regionOne" \
>> --os-interface "public" \
>> --os-identity-api-version 3 \
>> --os-project-name "$OS_PROJECT_NAME" \
>> --os-username "$OS_USERNAME" \
>> --os-project-domain-id "$OS_PROJECT_DOMAIN_ID" \
>> --os-password "$OS_PASSWORD" \
>> token issue -f value -c id
>> $ cat ~/.config/openstack/clouds.yaml
>> ---
>> clouds:
>> openstack:
>> auth_type: "token"
>> auth:
>> token: "<<REDACTED>>"
>> auth_url: "<<REDACTED>>"
>> project_id: "<<REDACTED>>"
>> etc etc etc
>> -=-=-=-=-=-=-
>>
>> You will need to generate the token regularly, but it does avoid
>> having the plain text password on disk.
>>
>> Yours Tony.
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230712/738cb3da/attachment.htm>
More information about the openstack-discuss
mailing list