[Openstack] Keyring support in openstack

Adam Young ayoung at redhat.com
Tue Jul 31 00:48:08 UTC 2012


On 07/30/2012 06:00 PM, Doug Hellmann wrote:
>
>
> On Mon, Jul 30, 2012 at 5:30 PM, Adam Young <ayoung at redhat.com 
> <mailto:ayoung at redhat.com>> wrote:
>
>     On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote:
>
>         On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:
>
>                 The wiki mentions the password being saved using
>                 keyring.backend.UncryptedFileKeyring. Does that mean
>                 the password is
>
>             saved
>
>                 in cleartext? Is the file protected in some way
>                 besides filesystem
>                 permissions?
>
>             As mentioned in wiki page, the password is stored in
>             base64 format.
>
>         Which means it's stored in cleartext.  That is Not Good(tm) :)
>
>     Can Keyring be used to store a token instead?  That would A)  be
>     better than password and B)  avoid a Keystone hit.
>
>
> Don't tokens expire?


Yes, they do, but that is no reason not to put them in the keyring,

With the PKI tokens,  you will be able to query a token's expiry without 
going across the wire.



>
> Doug


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120730/9982fe38/attachment.html>


More information about the Openstack mailing list