I created a few machines in Openstack using the Rancher API. For this I had to provide my Openstack user and password.
Using: /v1/projects/1a5/hosts/1h1/physicalhost I can see my Openstack password in plain text. I suppose it’s not the end of the world as long as the openstack password is not also my corp account password. But still this will be a bit difficult to manage. I was experimenting with creating a “read only” user to see if this information was hidden from that user, but it’s not.
I don’t know the solution here, but I don’t know how I can give people access to the UI if they can use it to gain access to the underlying openstack cluster.