Ask Your Question

avoiding sensitive info in config files

asked 2013-10-14 12:04:37 -0500

moje gravatar image

Hi Is there a way to avoid storing passwords in openstack config files (e.g. sqlalchemy connection strings with db passwds)
I'd like to version-controll my openstack config files using git (with the possibility of sharing them)

Is there a way to sort of "include" private info from other files, e.g. sql connection string from a "gitignored " txt file?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-02-26 02:21:59 -0500

fifieldt gravatar image

By default, there is not this capability. There is interest in the community in adding it, and it would be helpful to add your voice to the discussion about this on the Mailing Lists . Some people with certain security requirements may have already modified the code to support it for their deployments, so it might be worth reaching out to see if anyone has a patch for you.

In terms of solving your specific problem - tracking the configuration files in a git repository...

I have seen many people using the template functionality in an automated configuration management system such as puppet, and just storing the templates for eg nova.conf in git and making those available publicly. Then, the actual configuration variables such as passwords remain private. Puppet scripts live at

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2013-10-14 12:04:37 -0500

Seen: 199 times

Last updated: Feb 26 '15