Included information about keyring support

Added info about keyring support to the user guide.
Closes-Bug: #1199007

Change-Id: Ie62f53bbf80cc11303cf03985854ebecf7cfa15f
This commit is contained in:
Deepti Navale 2014-08-27 16:29:48 +10:00 committed by Gauvain Pocentek
parent 070b17aaef
commit 503811b6a8
2 changed files with 29 additions and 0 deletions

View File

@ -129,4 +129,5 @@ export OS_REGION_NAME=<replaceable>regionName</replaceable></programlisting>
<screen><prompt>$</prompt> <userinput>keystone --os-password <replaceable>PASSWORD</replaceable> service-list</userinput></screen> <screen><prompt>$</prompt> <userinput>keystone --os-password <replaceable>PASSWORD</replaceable> service-list</userinput></screen>
<para>Where <replaceable>PASSWORD</replaceable> is your password.</para> <para>Where <replaceable>PASSWORD</replaceable> is your password.</para>
</section> </section>
<xi:include href="../common/section_keystone-keyring-support.xml"/>
</section> </section>

View File

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="section_keystone-keyring-support">
<title>Keyring support</title>
<para>Keyring is a password management system available in OpenStack.
You can install it using the following command:</para>
<screen><prompt>$</prompt> <userinput>pip install keyring</userinput></screen>
<note>
<para>Keyring is used only if <parameter>--os-use-keyring</parameter>
is specified or if the environment variable
<parameter>OS_USE_KEYRING=true</parameter> is defined.</para>
</note>
<para>A user specifies their username and password credentials to interact
with OpenStack, using any client command. These credentials can be specified
using various mechanisms, namely, the environment variable, or command line argument.
It is not safe to specify the password using either of these methods.</para>
<para>For example, when you specify your password using the command-line client
with the <parameter>--os-password</parameter> argument, anyone with access
to your computer can view it in plain text with the <parameter>ps</parameter>
field.</para>
<para>To avoid storing the password in plain text, you can prompt for the
OpenStack password interactively. Then, the keyring can store the password
and the user can safely retrieve it from their keyring. The encrypted password
is stored in the <filename>~/.openstack-keyring.cfg</filename> file.</para>
</section>