Jagga Soorma wrote:
>Currently when using the openstack api I have to save my password in clear
>text in
>the OS_PASSWORD environment variable. Is there a more secure way to use the
>openstack api without having to either store this password in clear text or
>enter the
>password manually every time I run a openstack command? Is there some way that
>I can use a token id? I have tried but can't seem to get it to work and not
>sure what
>else is possible.
If the token will allow you to use services and you store the token in clear
text then
you’ve only managed to rename your password to token without adding any
security.
What you need to think about is what are you willing to type and when are you
willing
to type it. I don’t know if anyone has a polished “official” implementation,
but a couple
of options:
1) Configure one of your login scripts to prompt for your OpenStack password and
export it rather than putting it directly in a login script.
2) Encrypt your home directory and store your "clear text" password in a file
in your
encrypted home directory
3) Put your password in a file on a USB flash drive (in an encrypted file if
you want
a double layer of security) and create a wrapper script that reads you
password
from a fixed location on USB drive when you run a command. (keep the USB
drive
in a physical safe when not in use)
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
