Cloned from launchpad blueprint https://blueprints.launchpad.net/nova/+spec/vmware-encrypt-vcenter-passwords.
Part of this conversation: https://etherpad.openstack.org/p/vmware_security_strategy
The primary concern is that vCenter usernames and passwords are stored in plain text inside the nova.conf file. One possible strategy is to introduce encryption into the nova.conf file for passwords. This would allow security analysts to check off the box "no passwords exposed".
There is a broader security concern to address involving the use of federated identity management and delegated "act as" security tokens. This could be addressed by follow-up blueprints.