(feature request) allow multiple credentials per user for phased credential rotation
Bug #943488 reported by
Ben Hartshorne
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Unassigned | ||
Bug Description
In order to change the credentials for a running application, it is useful to be able to have multiple active credentials for a given user account. It allows the following procedure for credential rotation:
* create new credential
* change client configuration to use new credential
* revoke old credential
In large production enviromnents, it is often infeasible to change all the clients at once, requiring a slow shift from the old to the new credential. Amazon describes this approach here: http://
| Changed in keystone: | |
| importance: | Undecided → Wishlist |
| status: | New → Confirmed |
Revision history for this message
| Dolph Mathews (dolph) wrote | #1 |
| Changed in keystone: | |
| status: | Confirmed → Fix Committed |
| Changed in keystone: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
This is now possible with the /v3/credentials API introduced in Grizzly, along with pluggable authentication (also new in Grizzly).