On 04/26/16 16:33, Daniel P. Berrange wrote:
There is already barbican which could potentially fill that role:
"Barbican is a REST API designed for the secure storage, provisioning
and management of secrets such as passwords, encryption keys and X.509
Certificates." [1]
On startup a process, such as nova, could contact barbican to retrieve
the credentials it should use for authenticating with each other service
that requires a password.
Where do the creds that nova would use to authenticate to barbican come
from in that model ?
As explained earlier, passwords in text files is awful for both security
and managability at a large scale.
Agreed. Use of client side certs with TLS where the client side cert
pathname is what goes into the configuration file can help - that way
the config file has no credentials in it only pointers to them. Though
management of certs has its own problems but again Barbican can help here.
File permissions alone cannot solve that problem.
Agreed, but the combination of file permissions and split configuration
can be a first step in that direction especially if the default
configuration files are "split" rather than requiring the admin to know
about that feature and to do it. It may also help if comments about this
were placed in the default configuration files to encourage the behaviour.
--
Darren J Moffat
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
