(feature request) allow multiple credentials per user for phased credential rotation
Bug #943488 reported by
Ben Hartshorne
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
In order to change the credentials for a running application, it is useful to be able to have multiple active credentials for a given user account. It allows the following procedure for credential rotation:
* create new credential
* change client configuration to use new credential
* revoke old credential
In large production enviromnents, it is often infeasible to change all the clients at once, requiring a slow shift from the old to the new credential. Amazon describes this approach here: http://
Changed in keystone: | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This is now possible with the /v3/credentials API introduced in Grizzly, along with pluggable authentication (also new in Grizzly).