remove admin passwords from config files

asked 2015-06-05 19:06:03 -0600

mundonsbar gravatar image

In the openstack config files there are many entries where there is an an admin password set up. The password is in clear text. One of my requirements is to not store passwords in configuration files.

  1. Is there a way to remove the configuration entries pertaining to the admin password in the config
    files and use a different way for the admin to log into the services where the password is not exposed?

  2. And, is there documentation anywhere on how this can be achieved?

This question pertains only to the admin passwords in the config files, not user or admin passwords logging in over the network. I also know i can set restrictive permissions on the files and limit access to shell logins. I would like to remove the password entries altogether from the config files.

here is a list of some of the files that may contain passwords:

  • /etc/nova/nova.conf
  • /etc/rabbitmq/rabbitmq.config
  • /etc/keystone/keystone.conf
  • /etc/glance/glance-api.conf
  • /etc//cinder/cinder.conf
  • /etc//ceilometer/ceilometer.conf
  • /etc/neutron/neutron.conf
edit retag flag offensive close merge delete


Oslo.config used for parsing the configuration files and AFAIK there is no option for password encryption.

uts9 gravatar imageuts9 ( 2015-06-08 06:40:45 -0600 )edit

Hi Everybody, Does Anyone found a solution/workaround to hide clear text passwords in config and .json files? Thanks GianLuca

gberges gravatar imagegberges ( 2015-09-22 05:15:47 -0600 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2019-01-07 10:32:40 -0600

Abhisheks gravatar image

You can try Barbican for same.

edit flag offensive delete link more

Comments (

Abhisheks gravatar imageAbhisheks ( 2019-01-07 10:33:41 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2015-06-05 19:06:03 -0600

Seen: 855 times

Last updated: Jan 07 '19