avoiding sensitive info in config files

asked 2013-10-14 12:04:37 -0600

moje

Hi, is there a way to avoid storing passwords in openstack config files (e.g. sqlalchemy connection strings with db passwds)?
I'd like to version-control my openstack config files using git (with the possibility of sharing them).

Is there a way to sort of "include" private info from other files, e.g. an sql connection string from a "gitignored" txt file?


1 answer


answered 2015-02-26 02:21:59 -0600

fifieldt

By default, there is not this capability. There is interest in the community in adding it, and it would be helpful to add your voice to the discussion about this on the Mailing Lists https://wiki.openstack.org/wiki/Maili... . Some people with certain security requirements may have already modified the code to support it for their deployments, so it might be worth reaching out to see if anyone has a patch for you.

In terms of solving your specific problem - tracking the configuration files in a git repository...

I have seen many people using the template functionality in an automated configuration management system such as Puppet, and just storing the templates for e.g. nova.conf in git and making those available publicly. Then, the actual configuration variables such as passwords remain private. Puppet scripts live at https://github.com/stackforge/puppet-...

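The template approach from the answer above, as an added example that is not part of the original answer and is not OpenStack or Puppet code: a nova.conf template safe to commit, a private KEY=VALUE secrets file kept out of git, a check that the template holds no literal password, and a render step that writes the result owner-readable only. The `${NAME}` placeholder syntax, the secrets file format, the function names and all sample values are assumptions made for illustration.

```python
import os
import re
from string import Template

# Constructed template: this is the file that would be committed to git.
NOVA_CONF_TEMPLATE = """\
[DEFAULT]
verbose = True

[database]
connection = mysql://nova:${NOVA_DB_PASSWORD}@${DB_HOST}/nova
"""

# scheme://user:password@host where the password is not a ${PLACEHOLDER}.
LITERAL_CRED = re.compile(r"://[^/\s:@]+:(?!\$\{)[^@\s/]+@")


def load_secrets(path):
    """Read KEY=VALUE lines from a private (gitignored) file."""
    secrets = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#"):
                key, _, value = line.partition("=")
                secrets[key.strip()] = value.strip()
    return secrets


def find_literal_credentials(template_text):
    """Return the line numbers that embed a literal password in a URL."""
    return [n for n, line in enumerate(template_text.splitlines(), 1)
            if LITERAL_CRED.search(line)]


def render(template_text, secrets, out_path):
    """Fill the template and write it with mode 0600."""
    # substitute() raises KeyError on a missing secret, so a half-rendered
    # config with an unfilled placeholder is never written.
    rendered = Template(template_text).substitute(secrets)
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tighten a file that already existed
    with os.fdopen(fd, "w") as fh:
        fh.write(rendered)
    return rendered
```

`find_literal_credentials` is suited to a pre-commit hook over the template directory, so a connection string with a real password is caught before it reaches the shared repository.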


Asked: 2013-10-14 12:04:37 -0600

Seen: 220 times

Last updated: Feb 26 '15