- Bug
- Resolution: Done
- Highest
- Casablanca Release

Hi,
I just wanted to point out that in the integration-override.yaml that is used to override certain values from values.yaml when deploying the ONAP instance, the password is plain text (https://gerrit.onap.org/r/gitweb?p=integration.git;a=blob;f=deployment/heat/onap-oom/env/tlab/EXTONAP_DEV.env;h=ec220dc58cc20ef0b4da683aee38f37e2c517178;hb=HEAD#l22), and anybody having access to the Rancher VM that this gets sent over to can see the password. This OpenstackPassword value is actually coming from robot's values.yaml in https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/robot/values.yaml;h=8a28e892f20c8e0abd2031f1507069ed91c50df0;hb=HEAD.
Is there a way to encrypt this password so that it works like the one in SO and possibly even use the same var OS_PASSWORD_ENCRYPED as well (https://gerrit.onap.org/r/gitweb?p=integration.git;a=blob;f=deployment/heat/onap-oom/env/tlab/EXTONAP_DEV.env;h=ec220dc58cc20ef0b4da683aee38f37e2c517178;hb=HEAD#l37)? I don't understand the mechanics behind how SO did it, so I would like to know if this is possible, so as not to release the OpenStack user password in plain text.