Application Credentials (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary member privileges in the target project.

1. Log in to the Dashboard and select the correct region.
2. Go to Identity → Application Credentials and click Create Application Credential.
3. In the form that opens, fill out:
   • Name – a descriptive name for the credential.
   • Secret – choose a secure secret (password-like).
   • Expiration – set an (optional) expiration date.
4. At the bottom of the form, click Create Application Credential.
5. Download the OpenRC file and save it, for example as my_token.sh. Alternatively, you can download the file clouds.yaml.

Make sure to protect your secret — store it securely and do not share it.

Source your credential file my_token.sh:

source my_token.sh

Then run the following command. You should see your credential ID.

curl \
-s \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential

If curl or jq are not installed, you can install them using your system’s package manager (apt, dnf, brew, etc.).

For added security, you can modify your my_token.sh file so that the secret is not stored in plain text within the file. Replace the line:

export OS_APPLICATION_CREDENTIAL_SECRET=********************

with:

echo "Passphrase: "
read -sr os_credential_secret_input
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"

This way, you will be prompted for the secret each time you use the credential file.

A ``clouds.yaml`` file provides a convenient way to configure access to OpenStack without exporting many environment variables manually.

If this is your only cloud, you can place the file at one of the default locations:

• ``~/.config/openstack/clouds.yaml``
• ``/etc/openstack/clouds.yaml``

OpenStack CLI tools will automatically detect the file there.

In multi-cloud setups, you can define multiple entries and select one using:

<syntaxhighlight lang="bash"> export OS_CLOUD=openstack </syntaxhighlight>

If your file is stored in a custom location, you can specify it explicitly:

<syntaxhighlight lang="bash"> export OS_CLIENT_CONFIG_FILE=/path/to/clouds.yaml </syntaxhighlight>

You can combine both variables when working outside the default paths:

<syntaxhighlight lang="bash"> export OS_CLIENT_CONFIG_FILE=/home/user/clouds.yaml export OS_CLOUD=openstack </syntaxhighlight>

<syntaxhighlight lang="yaml"> clouds:

 openstack:
   auth:
     auth_url: https://your-auth-url:5000
     application_credential_id: "YOUR_ID"
     application_credential_secret: "YOUR_SECRET"
   region_name: "RegionOne"
   interface: "public"
   identity_api_version: 3
   auth_type: "v3applicationcredential"

</syntaxhighlight>

<syntaxhighlight lang="bash"> openstack configuration show </syntaxhighlight>

If configured correctly, this command will display the active cloud configuration.

To manage your resources from the command line, you can use the Python OpenStack Client (openstack CLI tool).

There are two supported authentication methods:

This is the preferred method, especially for scripting and automation.

1. Log in to the Dashboard.
2. Create an Application Credential (see this guide for instructions).
3. Download and save the generated file, e.g. as my_creds.sh.

Use this method only if you cannot use tokens.

1. Log in to the Dashboard.
2. In the top-right corner, click "OpenStack RC File".
3. Download and save the file, for example as my_creds.sh.

Run the following commands in a terminal:

source ./my_creds.sh
openstack server list

This will display a list of your currently active instances in the selected project.

The following tools are commonly used for (semi-)automated provisioning of resources.

Yes. You can use this Ansible template for an easier start.