Bug 1043702

Summary: [RFE][nova]: VMware: Encrypt vCenter passwords in nova.conf
Product: Red Hat OpenStack
Reporter: RHOS Integration <rhos-integ>
Component: openstack-nova
Assignee: Eoghan Glynn <eglynn>
Status: CLOSED UPSTREAM
QA Contact: Jaroslav Henner <jhenner>
Severity: unspecified
Priority: medium
Version: unspecified
CC: hartsocks, markmc, ndipanov, sgordon, tjones, yeylon
Keywords: FutureFeature, Triaged
Target Release: 9.0 (Mitaka)
Hardware: Unspecified
OS: Unspecified
URL: https://blueprints.launchpad.net/nova/+spec/vmware-encrypt-vcenter-passwords
Whiteboard: upstream_milestone_none upstream_status_needs-code-review upstream_definition_pending-approval
Doc Type: Enhancement
Last Closed: 2015-04-15 14:53:57 UTC
Bug Blocks: 1055536    

Description RHOS Integration 2013-12-17 00:43:24 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/nova/+spec/vmware-encrypt-vcenter-passwords.

Description:

Part of this conversation: https://etherpad.openstack.org/p/vmware_security_strategy

The primary concern is that vCenter usernames and passwords are stored in plain text inside the nova.conf file. One possible strategy is to introduce encryption into the nova.conf file for passwords. This would allow security analysts to check off the box "no passwords exposed".

There is a broader security concern to address involving the use of federated identity management and delegated "act as" security tokens. This could be addressed by follow-up Blueprints.

Specification URL (additional information):

None