Hardening Plaintext Secrets in Configuration Files

Many applications and services rely on configuration data in order to behave according to the customer needs. The standard library gives us ConfigParser, and many projects use it to achieve easy configuration with plaintext config files.

OpenStack Common Libraries (Oslo) has an enhanced alternative called oslo.config with support to command line arguments, option deprecation, and much more. With the addition of the source drivers feature, it is possible to increase the security of config values storing them in a safer place.

The source drivers feature allows extra sources of configuration data other than plaintext config files adding the possibility to have other layers of security around the configuration values and increasing the fail-safe options.