Application Credentials (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary member privileges in the target project.

1. Log in to the Dashboard and select the correct region.
2. Go to Identity → Application Credentials and click Create Application Credential.
3. In the form that opens, fill out:
   • Name – a descriptive name for the credential.
   • Secret – choose a secure secret (password-like).
   • Expiration – set an (optional) expiration date.
4. At the bottom of the form, click Create Application Credential.
5. Download the OpenRC file and save it, for example as my_token.sh. Alternatively, you can download the file clouds.yaml.

Make sure to protect your secret — store it securely and do not share it.

Source your credential file my_token.sh:

source my_token.sh

The following command will display the active cloud configuration (check the application credentials in the output):

openstack configuration show

For added security, you can modify your my_token.sh file so that the secret is not stored in plain text within the file. Replace the line:

export OS_APPLICATION_CREDENTIAL_SECRET=********************

with:

echo "Passphrase: "
read -sr os_credential_secret_input
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"

This way, you will be prompted for the secret each time you use the credential file.

A clouds.yaml file provides a convenient way to configure access to OpenStack without exporting many environment variables manually.

clouds:
  openstack:
    auth:
      auth_url: https://your-auth-url:5000
      application_credential_id: "YOUR_ID"
      application_credential_secret: "YOUR_SECRET"
    region_name: "RegionOne"
    interface: "public"
    identity_api_version: 3
    auth_type: "v3applicationcredential"

If this is your only cloud, you can place the file at one of the default locations:

• ~/.config/openstack/clouds.yaml
• /etc/openstack/clouds.yaml

OpenStack CLI tools will automatically detect the file there.

If your file is stored in a custom location, you can specify it explicitly:

export OS_CLIENT_CONFIG_FILE=/path/to/clouds.yaml

In multi-cloud setups, you can define multiple entries and select one by specifying the cloud name, e.g.:

export OS_CLOUD=openstack

Once the above configuration is set, the following command will display the active cloud configuration (check the application credentials in the output):

 openstack configuration show

To manage your resources from the command line, you can use the Python OpenStack Client (openstack CLI tool).

There are in general two authentication methods:

See the section Create an application credential.

This method only works if password-based authentication is enabled for your account.

1. Log in to the Dashboard.
2. In the top-right corner, click "OpenStack RC File".
3. Download and save the file, for example as my_creds.sh.

Run the following commands in a terminal:

source ./my_creds.sh
openstack token issue

This will issue an authentication token, confirming that your credentials are working correctly.

For common tasks such as managing instances, volumes, and networks, see: Guide: OpenStack CLI – Basic Usage

The following tools are commonly used for (semi-)automated provisioning of resources.

Yes. You can use this Ansible template for an easier start.