Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

remove admin passwords from config files

In the openstack config files there are many entries where there is an an admin password set up. The password is in clear text. One of my requirements is to not store passwords in configuration files.

  1. Is there a way to remove the configuration entries pertaining to the admin password in the config
    files and use a different way for the admin to log into the services where the password is not exposed?

  2. And, is there documentation anywhere on how this can be achieved?

This question pertains only to the admin passwords in the config files, not user or admin passwords logging in over the network. I also know i can set restrictive permissions on the files and limit access to shell logins. I would like to remove the password entries altogether from the config files.

here is a list of some of the files that may contain passwords:

  • /etc/nova/nova.conf
  • /etc/rabbitmq/rabbitmq.config
  • /etc/keystone/keystone.conf
  • /etc/glance/glance-api.conf
  • /etc//cinder/cinder.conf
  • /etc//ceilometer/ceilometer.conf
  • /etc/neutron/neutron.conf