OpenStack Queens added support for "Application Credentials" (a.k.a. API tokens) that allows software to make API calls without exposing user/password.
This necessary to support use cases where project owners want to make use of automation software (e.g. Terraform) to deploy their infrastructure. Currently, this has to be done in a point-and-click manner through the Horizon WebUI.
More about it here: