From ece5b265d718f25dce9cd413aa1db2360cec34cb Mon Sep 17 00:00:00 2001
From: Andrey Pavlov <apavlov@mirantis.com>
Date: Mon, 6 Mar 2017 05:40:42 +0000
Subject: [PATCH] Store sensitive configs in secret

Change-Id: If03e4560fbedf3d31226eee9ee1e527f90196929
Depends-On: Ie6a9833cdf73b076e24204d47e5898dfb24de43e
---
 service/files/defaults.yaml | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml
index 550b8ee..2e05c18 100644
--- a/service/files/defaults.yaml
+++ b/service/files/defaults.yaml
@@ -9,18 +9,11 @@ configs:
     admin_port:
       cont: 35357
 
-    db:
-      password: password
-      name: keystone
-      username: keystone
-
     wsgi:
       processes: 6
       threads: 1
 
     fernet_secret_name: keystone-fernet-keys
-    # 100% random default
-    credential_key: "2jjLrgOLvI-wj7g-8058SSCw0-ZnL4Ghg5cLuBirxL8="
 
     notifications:
       enable: false
@@ -29,6 +22,16 @@ configs:
 
     encrypt_tokens_in_memcached:
       enabled: true
+
+secret_configs:
+  keystone:
+    db:
+      password: password
+      name: keystone
+      username: keystone
+
+    credential_key: "2jjLrgOLvI-wj7g-8058SSCw0-ZnL4Ghg5cLuBirxL8="
+    encrypt_tokens_in_memcached:
       secret_key: password
 
   openstack: