I'm just thinking on how AWS does it - they don’t save your private key in their DB either and that is done on purpose.
Why would you want to save the private key in the DB? My humble opinion, it’s a security issue. Maybe we make this optional for those who don’t believe this to be an issue and really need to store the private key on a shared platform. -----Original Message----- From: Rohit Yadav (JIRA) [mailto:j...@apache.org] Sent: Friday, November 16, 2012 1:08 AM To: cloudstack-dev@incubator.apache.org Subject: [jira] [Commented] (CLOUDSTACK-497) createSSHkeypairs doesnt save the private key to the db, so list sshkeypair doesnt return a private key [ https://issues.apache.org/jira/browse/CLOUDSTACK-497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498622#comment-13498622 ] Rohit Yadav commented on CLOUDSTACK-497: ---------------------------------------- Won't this be a potential security issue to store ssh private keys in the database? I don't know of any IaaS who does that. What is the use case? If we want to do this, we should disable this feature by default and enable only via global settings? > createSSHkeypairs doesnt save the private key to the db, so list > sshkeypair doesnt return a private key > ---------------------------------------------------------------------- > --------------------------------- > > Key: CLOUDSTACK-497 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-497 > Project: CloudStack > Issue Type: Bug > Components: API > Affects Versions: 4.0.0 > Environment: centos running cloudstack 4.0 > Reporter: Ahmad Emneina > > listkeypair doesnt list the private key, alena checked the code for me, and > it turns out we're not saving the key upon generation (createsshkeypairs > comand). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
