anvil

Make passwords a little more secure

Registered by Joshua Harlow on 2012-04-06

Right now we basically look in config/look in environment variables/ask the user for these.

Maybe we should instead look into a master key and then an encrypted file for these???

Then we just have to provide that one file, and someone enters the master key and the rest is good to go.

Need to look into how to do this on linux, is there something that already exists??

It shouldn't be to bad, since we already have a password management class....

Links:

http://www.gnupg.org/
http://packages.python.org/python-gnupg/

Blueprint information

Status:: Complete

Approver:: None

Priority:: High

Drafter:: None

Direction:: Needs approval

Assignee:: None

Definition:: Approved

Series goal:: None

Implementation:: Implemented

Milestone target:: None

Started by: Joshua Harlow on 2012-08-31

Completed by: Joshua Harlow on 2013-06-02

Related branches

Related bugs

Sprints

Whiteboard

How secure do we need to be with development systems? - Doug

Ya, good question, I think there will be a common question that keeps on coming up, in that since devstack.sh/devstack.py are really the only ways people know how to install devstack (distros make packages, but they also install/configure it in there specified way), they continue to attempt to use devstack.py/sh in more use cases than just development. So this seems to be one of those cases, where developers shouldn't really need a secure PW system, but those that are using it for the alternative install (non-dev) would like it... We could have a layer ontop of the password class that in effect achieves this, or layer the password management in the following layers, pgp->config->env->input. Dougs question is still valid though... -Josh

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Doug Hellmann