[Openstack] [Heat] Locked Outputs
Robert Collins
robertc at robertcollins.net
Wed Nov 13 09:30:05 UTC 2013
On 13 November 2013 16:08, Andrew Plunk <andrew.plunk at rackspace.com> wrote:
> Alright.
>
> The problem:
> ----------------
> If a program generates a password, and displays it on a screen over and over again, it is more susceptible to being compromised.
>
> Possible solutions:
> ----------------
> 1).Provide a way to limit the availability of stack outputs returned from heat.
> 2).Provide a way to express metadata about stack outputs returned from heat.
3) Don't generate the password
4) Don't show the password at all (just supply it to the cluster being
configured) [which the hidden output setting already implements]
So - why are you generating a password - what is the password for /
where it is being used ?
-Rob
--
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud
More information about the Openstack
mailing list