Creating Application Credentials
Application Credentials provide secure authentication for applications and automation scripts. This guide shows how to quickly create them using the OpenStack CLI.
Prerequisites
# Install OpenStack CLI
pip install python-openstackclient
# Authenticate with your user credentials
source openrc.sh # or set your environment variables
Quick Creation Commands
# Create Application Credential with reader role (read-only access)
openstack application credential create \
--role reader \
--description "Monitoring and reporting application" \
my-reader-app
# Create Application Credential with member role (full project management)
openstack application credential create \
--role member \
--description "CI/CD automation and deployment" \
my-member-app
# Create with expiration date (recommended)
openstack application credential create \
--role reader \
--expires-at "2024-12-31T23:59:59" \
--description "Temporary access for monitoring" \
temp-reader-app
Using the Credentials
After creation, use the returned credentials in your applications:
# Set environment variables
export OS_AUTH_TYPE=v3application_credential
export OS_AUTH_URL=https://api.pub1.infomaniak.cloud/identity/v3
export OS_APPLICATION_CREDENTIAL_ID="your-credential-id"
export OS_APPLICATION_CREDENTIAL_SECRET="your-credential-secret"
# Test authentication
openstack token issue
Save Your Credentials
The Application Credential secret is only shown once during creation. Save it securely immediately.
Role Selection Guide
| Role | Use Cases | Permissions |
|---|---|---|
reader |
Monitoring, reporting, compliance checks | Read-only access to project resources |
member |
CI/CD, automation, resource management | Full project management capabilities |
Service-Specific Permissions
Select the service documentation below for detailed permission matrices:
Core Infrastructure Services
- Compute (Nova) - Virtual machines and server management
- Image (Glance) - Image management and sharing
- Block Storage (Cinder) - Volumes, snapshots, and backups
- Network (Neutron) - Networking and security groups
Advanced Services
- Load Balancer (Octavia) - Load balancer configuration
- DNS (Designate) - DNS zones and records
- Orchestration (Heat) - Infrastructure as Code
- Billing (CloudKitty) - Cost tracking and billing
- Monitoring (Aodh) - Alarms and monitoring
- Key Management (Barbican) - Secrets and certificate management
Next: Choose a service above to view detailed permissions and usage examples for your Application Credentials.