prowler-cloud/prowler

Support OpenStack Application Credentials for authentication

Open

#10829 opened on Apr 21, 2026

View on GitHub
 (1 comment) (0 reactions) (0 assignees)Python (8,957 stars) (1,322 forks)batch import
feature-requesthelp wantednot-plannedprovider/openstack

Description

Feature search

  • I have searched the existing issues and this feature has not been requested yet or is already in our Public Roadmap

Which component would this feature affect?

Prowler CLI/SDK

Related to specific cloud provider?

Not provider-specific

New feature motivation

I would like to perform security scans on a self-hosted OpenStack environment. Currently, Prowler seems to rely on interactive user credentials (username/password). However, in my environment, authentication is managed via an IAM, which prevents the use of standard local user credentials.

Solution Proposed

Update the OpenStack provider in Prowler to support Application Credentials for authentication.

Use case and benefits

1)Enables seamless integration of Prowler into CI/CD pipelines for continuous security auditing of OpenStack projects 2)Encourages the "Principle of Least Privilege" by using application-specific credentials instead of sharing full user account passwords 3)Makes Prowler a viable tool for large-scale organizations that use federated identity (SSO) for their private cloud infrastructure.

Describe alternatives you've considered

I tried using application credentials as username and password, but doesn't work

Additional context

No response

Contributor guide

Tech stack
python
Domain
authenticationsecuritycloud
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-2 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
fresh
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
PythonOpenStack authenticationProwler codebase structure
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
65
Research direction
The issue requests adding support for OpenStack Application Credentials. Review Prowler's OpenStack provider module (likely under `providers/openstack/`) to understand the current authentication implementation. Investigate how the openstacksdk handles application credentials (e.g., via `openstack.connect` with `auth type='v3applicationcredential'`). There are no linked PRs or additional comments, so the implementation is open ended. Ensure backward compatibility with existing username/password authentication.