[Openstack] Keyring support in openstack
Bhuvaneswaran A
bhuvan at apache.org
Wed Aug 22 23:14:16 UTC 2012
On Mon, Jul 30, 2012 at 2:30 PM, Doug Hellmann
<doug.hellmann at dreamhost.com>wrote:
>
>
> On Mon, Jul 30, 2012 at 4:51 PM, Bhuvaneswaran A <bhuvan at apache.org>wrote:
>
>> On Mon, Jul 30, 2012 at 7:46 AM, David Kranz <david.kranz at qrclab.com>
>> wrote:
>> > I share Doug's concerns but would state some more strongly. IMO, it is
>> > simply unacceptable to modify user-visible behavior based on whether
>> some
>> > package that happens to be used in an implementation is installed or
>> not.
>> > This package is installed on Ubuntu by default and may be used by other
>> > applications that have nothing to do with OpenStack at all.
>>
>> Yes, as python-keyring is installed in almost all systems, the
>> behaviour is unchanged.
>>
>> > If we really want to go down this road there should be an environment
>> > variable that can be set to turn off this behavior for applications
>> that do
>> > not want it.
>>
>> David, good point. I'll revise the patch to not use keyring, if
>> environment variable USE_KEYRING=0. If environment variable is not set
>> or if it is USE_KEYRING=1, then keyring is used to store password.
>>
>
> How about OS_USE_KEYRING so it is clearer that the variable is related to
> openstack?
>
Just to close the loop ...
Doug, thank you for all the review comments. The patch to store encrypted
password in keyring, for openstackclient, is merged today: I''ll extend
this feature to other clients that prompt for password, like keystoneclient.
https://review.openstack.org/#/c/9497/
It's also documented here:
http://wiki.openstack.org/KeyringSupport
--
Regards,
Bhuvaneswaran A
www.livecipher.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120822/5ab63f96/attachment.html>
More information about the Openstack
mailing list