In a Nutshell

Application Credentials enable secure, token-based access to bwCloud-OS — ideal for CLI usage and automation. You can use these credentials with the OpenStack client to manage your cloud resources from the command line. Automation tools like Ansible or Terraform can be used for efficient deployment and configuration of instances.

Application Credentials (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary member privileges in the target project.

1. Log in to the Dashboard and select the correct region.
2. Go to Identity → Application Credentials and click Create Application Credential.
3. In the form that opens, fill out:
   • Name – a descriptive name for the credential.
   • Secret – choose a secure secret (password-like).
   • Expiration – set an (optional) expiration date.
4. At the bottom of the form, click Create Application Credential.
5. Download the OpenRC file and save it, for example as my_token.sh.

Make sure to protect your secret — store it securely and do not share it.

For added security, you can modify your my_token.sh file so that the secret is not stored in plain text within the file. Replace the line:

export OS_APPLICATION_CREDENTIAL_SECRET=********************

with:

echo "Passphrase: "
read -sr os_credential_secret_input
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"

This way, you will be prompted for the secret each time you use the credential file.

Source your credential file my_token.sh:

source my_token.sh

Then run the following command. You should see your credential ID.

curl \
-s \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential

If curl or jq are not installed, you can install them using your system’s package manager (apt, dnf, brew, etc.).

To manage your resources from the command line, you can use the Python OpenStack Client (openstack CLI tool).

There are two supported authentication methods:

This is the preferred method, especially for scripting and automation.

1. Log in to the Dashboard.
2. Create an Application Credential (see this guide for instructions).
3. Download and save the generated file, e.g. as my_creds.sh.

Use this method only if you cannot use tokens.

1. Log in to the Dashboard.
2. In the top-right corner, click "OpenStack RC File".
3. Download and save the file, for example as my_creds.sh.

Run the following commands in a terminal:

source ./my_creds.sh
openstack server list

This will display a list of your currently active instances in the selected project.

The following tools are commonly used for (semi-)automated provisioning of resources.

Method	Usage
Terraform	This tool can be used to create an instance or a defined infrastructure.
Ansible	Create roles or tasks for all customizations that you make in an instance.

Yes. You can use this Ansible template for an easier start.