...
  • Products
    • Infrastructure
      • Hybrid Cloud

        Combine private and public clouds to bring your corporate IT environment together in a single, secure system.

      • Private Cloud

        An isolated virtual IT infrastructure with maximum security, a high SLA and complete freedom of action.

      • Cloud Infrastructure

        Everything you need to build and manage cloud infrastructure—virtual machines and clusters, networking, data storage and load balancers.

      • Public Cloud

        An isolated virtual IT infrastructure with maximum security, a top-tier SLA and total operational freedom.

    • Servers and Computing
      • Virtual Machines

        High-performance, highly available VPS/VDS with automatic provisioning and full root access to the OS. The resources you order are reserved exclusively for you.

      • Dedicated Servers

        Ready-made physical server configurations with rapid deployment and component replacement within 24 hours. Internet traffic starting at 15 TB.

      • Cloud Servers

        Versatile, scalable virtual server environments tailored to your business needs, offering flexible resource allocation.

    • Networking
      • Floating IPs

        Easily reassigned IP addresses to ensure service continuity and high availability for mission-critical applications.

      • Virtual Networks

        A suite of network services that delivers enhanced security, scalability and high resource availability to optimise your cloud ecosystem.

      • IP Addresses Leasing

        An extensive IP-address marketplace that provides a solid foundation for scalability and business continuity.

      • Cloud Load Balancing

        Even distribution of traffic across virtual servers, ensuring high availability and top infrastructure performance.

      • Firewall as a Service (FWaaS)

        Protect your cloud resources by defining access rules and evenly distributing traffic to keep applications running smoothly.

    • Cloud Storage
      • Object Storage

        Scalable, flexible and easy-to-manage storage for all kinds of data and workloads.

      • Cloud Data Storage

        Our network storage supports a broad range of protocols, including FTP/SFTP, NFS, CIFS/Samba, iSCSI, SSH (SCP), WebDAV and RSYNC.

    • Containers
      • Kubernetes

        An orchestration system that automates the deployment, scaling and management of containerised applications.

      • Container Registry

        A secure service for storing, managing and deploying container images, optimising DevOps workflows.

    • Managed Databases
      • MongoDB

        A high-performance NoSQL database ideal for flexible, efficient management of large volumes of data.

      • Elasticsearch

        A powerful search and analytics engine for indexing large volumes of data and handling real-time queries.

      • PostgreSQL

        A massively parallel processing (MPP) platform for large-scale data warehousing and analytics.

      • Greenplum

        A massively parallel processing (MPP) platform for large-scale data warehousing and analytics.

      • MySQL

        The world’s most popular open-source database, renowned for its reliability, simplicity and speed.

      • Redis

        An in-memory data-structure store that serves as a database, cache and message broker for lightning-fast data access.

      • Apache Kafka

        A distributed data-streaming platform that lets you build data pipelines and real-time applications.

      • ClickHouse

        A high-performance columnar DBMS optimised for online analytical processing (OLAP).

      • OpenSearch

        An open search-and-analytics suite used for real-time log monitoring and analysis.

    • Security
      • DRaaS

        Ensure business continuity with our reliable disaster-recovery solutions, delivering rapid restoration and minimal downtime when unexpected issues arise.

      • DDoS Protection

        Neutralise DDoS attacks at every OSI layer up to L7 while maintaining your web resources’ performance with Qurator and DDOS Guard.

  • More
    • Documentation

      Description of the functionality and principles of Servermall Cloud.

    • Referral Program

      A form of cooperation between Servermall Cloud and its partners
  1. Servermall Cloud
  2. Documentation
  3. OpenStackClient Authentication via Environment Variables

OpenStackClient Authentication via Environment Variables

Published on

All data is current as of

For OpenStackClient to manage your cloud infrastructure, you must obtain authentication data and set it in environment variables. Below we show how to do this on Windows, Linux, and macOS, including how to save a local authentication script.

⚠️ Important: Storing a password in scripts or the command history can lead to compromise. For security, use interactive password input (see examples below).

Prerequisites

  1. You must have an account in the SMCloud Customer Portal. For how to register an account, see the guide: Creating an Account.
  2. You must order the “Cloud Infrastructure” service and receive a message that it is ready—either to the email address linked to your account or in the SMCloud Customer Portal.
  3. Python and OpenStackClient must be installed according to the guide: “Installing OpenStackClient”.

I. Retrieving the Password from the Service Management Panel

The password for authentication is stored in the SMCloud Cloud Infrastructure management panel. To retrieve it, do the following:

  1. Sign in to the SMCloud Control Panel. For how to do this, see:
    1. If 2FA is not used, see “Signing in to the Control Panel”.
    2. If 2FA is enabled, see “2FA Signing in to the Control Panel”.
  2. Select the main menu item “Services”.
    You will be taken to the “My Products & Services” page.
  3. Select the cloud infrastructure for which authentication is required.


    You will be taken to the “Cloud Infrastructure” service management panel.
  4. In the “Management Panel” section, click the “Click to copy” button (with the icon showing two sheets of paper) located on the “Password” line.


    The authentication password will be copied to the clipboard, as indicated by the message “The data has been successfully copied to the clipboard”.

II. Obtaining the OpenRC File

You can download the OpenRC file from the cloud infrastructure management panel (cloud console) by performing the following steps:

  1. Sign in to the Cloud Infrastructure Control Panel. For how to do this, see the guide: “Logging in to the Cloud Infrastructure Control Panel”.
  2. Click the user menu located in the upper-right corner of the panel.


    A drop-down menu of user actions will open.
  3. Select “Get OpenRC file”.

  4. Click the “Type” field to open the list.
  5. Choose “Password Type”.
  6. Click “OK”.


    A dialog will open to save the OpenRC file.
  7. Save the OpenRC file locally.

III. Authenticating from Windows

To authenticate to the cloud infrastructure, you must set Windows environment variables.

Below we cover how to create a script to set environment parameters using PowerShell, CMD, and Git Bash, and also show how to quickly clear variables in the current session — for example, if you need to switch to another cloud infrastructure.

Authentication with PowerShell

We will create a script that specifies all the required data for authentication, including either storing the password or prompting the user for it.

Creating the script

  1. Create the script file
    Create a file with the *.ps1 extension to hold your environment variables. For example: os_auth.ps1.
  2. Define the script structure
    Copy the following content into the file you created:
     $env:OS_AUTH_URL="https://cli.pbcloud.services:5000/v3/"
$env:OS_USERNAME="<OS_USERNAME>"
$env:OS_PROJECT_ID="<OS_PROJECT_ID>"
$env:OS_PROJECT_DOMAIN_NAME="<OS_PROJECT_DOMAIN_NAME>"
$env:OS_USER_DOMAIN_NAME="<OS_USER_DOMAIN_NAME>"
$env:OS_REGION_NAME="RegionOne"
$env:OS_INTERFACE="public"
$env:OS_IDENTITY_API_VERSION=3
  1. Fill in the values from the RC file
    Replace the placeholders in angle brackets <…> with actual values for your project from the RC file obtained earlier in Section II — omitting the angle brackets themselves — for the following parameters: <OS_USERNAME>, <OS_PROJECT_ID>, <OS_PROJECT_DOMAIN_NAME>, <OS_USER_DOMAIN_NAME>.

    An example of the filled-in script might look like this:
     $env:OS_AUTH_URL="https://cli.pbcloud.services:5000/v3/"
$env:OS_USERNAME="wuofcwvh"
$env:OS_PROJECT_ID="f805701a98324d3398b5365707e2fd4c"
$env:OS_PROJECT_DOMAIN_NAME="my-domain-31-715-725-1746533363"
$env:OS_USER_DOMAIN_NAME="my-domain-31-715-725-1746533363"
$env:OS_REGION_NAME="RegionOne"
$env:OS_INTERFACE="public"
$env:OS_IDENTITY_API_VERSION=3
  1. Choose how to obtain the password
    If you want to store the cloud infrastructure password in the script, add the line:
     $env:OS_PASSWORD = "<OS_PASSWORD>"

    where <OS_PASSWORD> is the cloud infrastructure password you obtained in Section I, “Retrieving the Password from the Service Management Panel.”

    However, you must ensure the script is not accessible to unauthorized persons, as it will contain data sufficient to connect to and manage your cloud infrastructure.

    A more secure approach is to prompt for the password each time you configure the environment variables. To implement this, instead of hardcoding the password, add the following code to the script:
     $pass = Read-Host -AsSecureString "OpenStack password"
$BSTR = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass)
try {
  $plain = [Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
} finally {
  [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
}
$env:OS_PASSWORD = $plain

    This code prompts the user for the cloud password and stores it in environment variables for the current session only; the password is not saved locally.

Using the script

  1. Allow local scripts to run
    If necessary, allow scripts created locally (on this system) by running:
     Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

    When prompted “Do you want to change the execution policy?” press Y to allow running local scripts, then press Enter.

    Local scripts can now run without a signature, while those downloaded from the internet must be signed by a trusted publisher (otherwise PowerShell will block them). This command applies only to the current session; if you close the PowerShell window, the permission is revoked.
  2. Run the script
    Launch the authentication script in PowerShell. For example, if os_auth.ps1 is in the current directory:
     .\os_auth.ps1

    he script will set environment variables for authenticating to the cloud infrastructure via OpenStackClient.

Clearing environment variables in the current session

If you need to clear environment variables in the current session—for security or to switch to another cloud infrastructure—run the following in PowerShell:

 # Remove all environment variables starting with "OS_"
Get-ChildItem Env:OS_* | Remove-Item

# Clear variables used for storing the password (if SecureString was used)
if ($pass -ne $null) { $pass = $null }
if ($plain -ne $null) { $plain = $null }

This removes all environment variables with the OS_ prefix and zeros out any temporary variables used to hold the password.

Authentication via CMD

We will create a script for the Windows command line (CMD.EXE) that sets all required authentication data, either storing the password or prompting the user.

Creating the script

  1. Create the script
    Create a file with the *.cmd extension to hold your environment variables. For example: os_auth.cmd.
  2. Define the script structure
    Copy the following into the newly created file:
     @echo off
set "OS_AUTH_URL=https://cli.pbcloud.services:5000/v3/"
set "OS_USERNAME=<OS_USERNAME>"
set "OS_PROJECT_ID=<OS_PROJECT_ID>"
set "OS_PROJECT_DOMAIN_NAME=<OS_PROJECT_DOMAIN_NAME>"
set "OS_USER_DOMAIN_NAME=<OS_USER_DOMAIN_NAME>"
set "OS_REGION_NAME=RegionOne"
set "OS_INTERFACE=public"
set "OS_IDENTITY_API_VERSION=3"

    If you want environment variables to persist in the registry for future sessions, use setx instead of set. However, saving the password with setx is not recommended for security and is acceptable only for test and training scenarios.
  3. Fill in the values from the RC file
    Replace the placeholder values in angle brackets <…> with the actual values for your project from the RC file obtained earlier in Section II, excluding the brackets themselves, for the following parameters: <OS_USERNAME>, <OS_ROJECT_ID>, <OS_PROJECT_DOMAIN_NAME>, <OS_USER_DOMAIN_NAME>.

    An example of the filled-in script might look like this:
     @echo off
set "OS_AUTH_URL=https://cli.pbcloud.services:5000/v3/"
set "OS_USERNAME=wuofcwvh"
set "OS_PROJECT_ID=f805701a98324d3398b5365707e2fd4c"
set "OS_PROJECT_DOMAIN_NAME=my-domain-31-715-725-1746533363"
set "OS_USER_DOMAIN_NAME=my-domain-31-715-725-1746533363"
set "OS_REGION_NAME=RegionOne"
set "OS_INTERFACE=public"
set "OS_IDENTITY_API_VERSION=3"
  1. Choose how to obtain the password
    If you want to store the cloud infrastructure password in the script, add:
     set "OS_PASSWORD=<OS_PASSWORD>"
    where <OS_PASSWORD> is the cloud password you obtained in Section I.“Retrieving the Password from the Service Management Panel”.

    However, you must ensure the script is not accessible to unauthorized persons, since it will contain all data necessary to connect to and manage your cloud infrastructure.

    A more secure method is to prompt for the password each time you set up the environment variables. To implement this, instead of hardcoding the password, add:
     set /p OS_PASSWORD=OpenStack password:

    This line prompts the user for the password (input will be visible) for cloud authentication and sets it as an environment variable for the current session only, without saving it to disk.
     

Using the script

Run the authentication script in CMD (Command Prompt). For example, if os_auth.cmd is in the current directory:

 call os_auth.cmd

The script will set environment variables for authenticating to the cloud infrastructure via OpenStackClient.

Clearing environment variables in the current session

If you need to clear environment variables in the current session—for security or to authenticate against another cloud infrastructure—run the following in CMD:

 for /f "tokens=1 delims==" %v in ('set OS_ 2^>nul') do set "%v="

All environment variables beginning with OS_ will be cleared.

Attention: Clearing environment variables does not guarantee complete removal of data from the OS memory. For maximum security, restart the console/terminal session after working with sensitive data.

Authentication via Git for Windows (Git Bash)

If Git Bash is installed on your system, you can use it to authenticate to and manage your cloud infrastructure.

  1. Start Git Bash
    All subsequent operations will be performed in the Git Bash terminal.
  2. Find the path to openstack.exe
    Git Bash does not always have the same PATHs as Windows, particularly the folder containing Python scripts and OpenStackClient. Find this path:
     /c/Windows/System32/where.exe openstack.exe

    Example output:
     C:\Users\testuser\AppData\Local\Programs\Python\Python313\Scripts\openstack.exe

    If the command returns no path, ensure OpenStackClient is installed correctly per “Installing OpenStackClient”.
  3. Add the obtained path to Git Bash PATH
    Add the following block in Git Bash, replacing <Path_to_scripts> with the path from the previous step, but without the openstack.exe filename and with an additional backslash (\) at the end:
     # Insert the Windows path to the scripts folder in place of <Path_to_scripts> (without openstack.exe at the end and with ‘\’ added)
win_path="<Path_to_scripts>"  

# Convert the Windows path to Unix form for Git Bash
unix_path=$(cygpath -u "$win_path")  

# Add the Unix-form path to PATH
echo "export PATH=\"$unix_path:\$PATH\"" >> ~/.bashrc

# Apply the changes to the current session
source ~/.bashrc

    The result may look like this, for example:
     
win_path="C:\Users\testuser\AppData\Local\Programs\Python\Python313\Scripts\\"
unix_path=$(cygpath -u "$win_path")
echo "export PATH=\"$unix_path:\$PATH\"" >> ~/.bashrc
source ~/.bashrc

    After running the above commands, verify success:
     openstack --version

    If you see the OpenStackClient version (for example, openstack 8.2.0), the path was added successfully, and it will be available automatically the next time you launch Git Bash.
  4. Run the OpenRC file
    To run the script, use:
     source <(tr -d '\r' < "")

    where <path_and_name_of_RC_file> is the path to the RC file specified in Unix style (forward slashes instead of backslashes, and the drive letter — e.g., C: — is replaced with a prefix like /c/).

    For example, if openrc.sh is in C:\downloads\, the command will be:
     source <(tr -d '\r' < "/c/downloads/openrc.sh")

    This command runs openrc.sh, which will prompt the user for the cloud password and set environment variables for authentication.
  1. Enter the password
    When you see a message like: “Please enter your OpenStack Password for project <PROJECT> as user <USER>”, enter the cloud password obtained in Section “I. Retrieving the Password from the Service Management Panel”.

    If for some reason the password was not requested, was entered incorrectly, or you skipped it, set the password manually:
     read -rsp "OpenStack password: " OS_PASSWORD; echo; export OS_PASSWORD
  1. Verify authorization
     openstack token issue

    If authorization succeeds, information about the generated authentication token will be displayed.
  1. Done
    You can now manage the cloud through OpenStackClient from the Git Bash console.

    Note: After closing Git Bash, the authentication session (environment variables from OpenRC) is reset. To re-authenticate, run openrc.sh again (see step 4). The PATH entry remains—it is saved in ~/.bashrc.

IV. Authenticating from Linux and macOS

To set environment variables for OpenStackClient, you need to run openrc.sh. The procedure for obtaining it is shown in Section II. “Obtaining the OpenRC File”.

  1. Run the RC file
    Use a command of the form:
     source <path>/openrc.sh

    where is the <path> to openrc.sh.

    For example, if openrc.sh is in the current directory:
     source openrc.sh

    Or, if openrc.sh is in /home/ubuntu/:
     source /home/ubuntu/openrc.sh

    The script will set environment variables for authentication to the cloud infrastructure and will prompt for its password.
  1. Enter the password
    When you see a message like: “Please enter your OpenStack Password for project <PROJECT> as user <USER>”, enter the cloud password obtained in Section “I. Retrieving the Password from the Service Management Panel”.

    If for some reason the password was not requested, was entered incorrectly, or you skipped it, set it manually:These commands prompt for the password and save it in an environment variable for subsequent authentication.
    • bash (Linux/macOS):
       read -rsp "OpenStack password: " OS_PASSWORD; echo; export OS_PASSWORD
    • zsh (default on macOS):
       read -rs "?OpenStack password: " OS_PASSWORD; echo; export OS_PASSWORD
  1. Verify authorization
     openstack token issue

    If authorization succeeds, information about the generated authentication token will be displayed.
  1. Done
    You can now manage the cloud from the terminal.

    Note: Environment variables set via source openrc.sh are effective only for the current terminal session and are reset after it is closed. To re-authenticate, perform step 1 again (run openrc.sh).

What’s next?

After you authenticate successfully, you can fully manage your cloud infrastructure: create, change, and delete resources, set up networks and security policies, monitor service status, and more.

Where to find the commands: