OpenStack Heat

Parameters marked as hidden should be stored encrypted

Registered by Richard Lee

Stack parameters are stored in the database unencrypted, even if the parameter is marked as hidden. This can lead to the storage of sensitive data, such as passwords, in plain text.

As a heat template author if I mark a parameter as hidden, then I expect secure handling of the parameter data

Blueprint information

Status:
Complete
Approver:
Randall Burt
Priority:
Medium
Drafter:
Richard Lee
Direction:
Approved
Assignee:
Vijendar Komalla
Definition:
Approved
Series goal:
Accepted for liberty
Implementation:
Implemented
Milestone target:
milestone icon 5.0.0
Started by
Steve Baker
Completed by
Steve Baker

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/encrypt-hidden-parameters,n,z

Addressed by: https://review.openstack.org/97900
    Encrypt heat template parameters

Addressed by: https://review.openstack.org/100343
    Encrypt hidden template parameters specification

(zaneb) Bumping to next as I don't see any chance of this landing before juno-3

Addressed by: https://review.openstack.org/117633
    Encrypt heat template parameters

Addressed by: https://review.openstack.org/119836
    Support for encrypt/decrypt parameters in heat-manage

Gerrit topic: https://review.openstack.org/#q,topic:bug/1396313,n,z

Addressed by: https://review.openstack.org/151388
    Encrypt properties data

Addressed by: https://review.openstack.org/174978
    Support for encrypt/decrypt parameters in heat-manage

Addressed by: https://review.openstack.org/184321
    Check for encrypted_param_names key in environment

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.