When using the murano CLI, environment variables related to keystone auth (such as OS_CACERT) are ignored. As a result, the only way to set these variables is to to use the command line flags which is inconsistent with the documented behavior as well as with all other openstack commands.
This appears to be because of the way the murano cli deals with the deprecated flags (cert-file, key-file, ca-file) for managing these options. Specifically, the argument parser is configured to store the values for the deprecated flags into the same attributes as used by the keystone arg parsing:
https://github.com/openstack/python-muranoclient/blob/master/muranoclient/shell.py#L103
This appears to override the default values (the environment variables) set by the call to keystone client's register_cli_options() method:
https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/session.py#L926
https:/
The above review contains the fix for this bug.