Make passwords a little more secure

Registered by Joshua Harlow on 2012-04-06

Right now we basically look in config/look in environment variables/ask the user for these.

Maybe we should instead look into a master key and then an encrypted file for these???

Then we just have to provide that one file, and someone enters the master key and the rest is good to go.

Need to look into how to do this on linux, is there something that already exists??

It shouldn't be to bad, since we already have a password management class....

Links:

http://www.gnupg.org/
http://packages.python.org/python-gnupg/

Blueprint information

Status:
Complete
Approver:
None
Priority:
High
Drafter:
None
Direction:
Needs approval
Assignee:
None
Definition:
Approved
Series goal:
None
Implementation:
Implemented
Milestone target:
None
Started by
Joshua Harlow on 2012-08-31
Completed by
Joshua Harlow on 2013-06-02

Related branches

Sprints

Whiteboard

How secure do we need to be with development systems? - Doug

Ya, good question, I think there will be a common question that keeps on coming up, in that since devstack.sh/devstack.py are really the only ways people know how to install devstack (distros make packages, but they also install/configure it in there specified way), they continue to attempt to use devstack.py/sh in more use cases than just development. So this seems to be one of those cases, where developers shouldn't really need a secure PW system, but those that are using it for the alternative install (non-dev) would like it... We could have a layer ontop of the password class that in effect achieves this, or layer the password management in the following layers, pgp->config->env->input. Dougs question is still valid though... -Josh

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.