Comment 2 for bug 1884457

Hi Pavel, thanks for reporting this. I have several questions:

1. Which Trove version are you using for the testing?
2. Did you config service tenant model for Trove? In service tenant model (which is the default in devstack since stable/train and is recommended for Trove deployment[1]), all the resources created for a trove instance are located in the service tenant scope, and are invisible to normal users. So it's relatively impossible for malicious user to get into the instance and get message queue credentials.

[1]: https://docs.openstack.org/trove/latest/admin/run_trove_in_production.html#service-tenant-deployment