Using application credentials

With application credentials, you can allow your applications to authenticate to OpenStack without embedding user credentials in configuration files. This is especially important in cases when the user's identification is provided by an external system, such as LDAP or a single-sign-on service.

To grant an application access to a project, you need to create an application credential with delegated role assignments on this project, and then use the application credential identifier and a secret string for authentication. You can delegate the same role assignments that you have on that project to the application credential or only a subset of your role assignments. This is useful, for example, if you have administrative privileges on a project, but you want to limit the application privileges to read-only.

To learn how to create and manage application credentials, refer to the OpenStack documentation.