Boston
May 8-11, 2017
Protecting Plaintext Password in OpenStack Service Configuration Files
Current OpenStack services require plaintext passwords and credentials for various access, e.g. database, keystoneauth, etc. Even with proper file permissions set on these files, often time during troubleshooting sessions, these configuration files are send via emails without the passwords properly redacted. Also, the ability to change passwords across multiple nodes are heavily relying on the deployment tools of choice (ansible, fuel, etc.). This talk discusses a proof of concept in the work to leverage barbican key-management service as a way to mitigate these two problems and handle configuration management.
What can I expect to learn?
Some of the results from the proof of concepts conducted internally, and discussion on additional improvement in this space.
Tuesday, May 9, 2:00pm-2:40pm (6:00pm - 6:40pm UTC)
Difficulty Level: Intermediate
Senior Member of Technical Staff
Gage Hugo is software developer focused on contributing to OpenStack, primarily on Identity/Authentication and Security. He is currently a core reviewer for Keystone, OpenStack's Identity service, and co-chair for the Security SIG. When he is not coding or reviewing, he likes to dabble with running complicated software on Raspberry Pis and finding ways to improve whatever he is working on. FULL PROFILE
Software Engineer
I worked as a software engineer consultant for 12 years. Started out as a C/C++ middleware developer on AIX platform, I migrated to the java platform and worked as a full stack engineer for 7 before stepping into mobile platform developer for Android and iOS. In the past 2.5 years, I have moved into the area of python development in OpenStack with focus in keystone and other security related... FULL PROFILE
Software Engineer
Openstack contributor focusing on security aspects of the cloud. I have contributed to specs such as the PCI-DSS Password Expiration and the Project Tags specs for keystone and am currently working on the oslo.config spec to allow for plugable drivers for external key managers. I presented at the Openstack Boston Summit on the removal of plaintext passwords in configuration files, which the... FULL PROFILE
Download App
