Bug 1043702 - [RFE][nova]: VMware: Encrypt vCenter passwords in nova.conf
Summary: [RFE][nova]: VMware: Encrypt vCenter passwords in nova.conf
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: unspecified
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ---
: 9.0 (Mitaka)
Assignee: Eoghan Glynn
QA Contact: Jaroslav Henner
URL: https://blueprints.launchpad.net/nova...
Whiteboard: upstream_milestone_none upstream_stat...
Depends On:
Blocks: 1055536
TreeView+ depends on / blocked
 
Reported: 2013-12-17 00:43 UTC by RHOS Integration
Modified: 2019-09-09 17:14 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-04-15 14:53:57 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description RHOS Integration 2013-12-17 00:43:24 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/nova/+spec/vmware-encrypt-vcenter-passwords.

Description:

Part of this conversation: https://etherpad.openstack.org/p/vmware_security_strategy

The primary concern is that vCenter usernames and passwords are stored in plain text inside the nova.conf file. One possible strategy is to introduce encryption into the nova.conf file for passwords. This would allow security analysts to check off the box "no passwords exposed"

There is a broader security concern to address involving the use of federated identity management and delegated "act as" security tokens. This could  be addressed by follow up Blueprints.

Specification URL (additional information):

None
Note You need to log in before you can comment on or make changes to this bug.