Closed Bug 1144130 Opened 10 years ago Closed 10 years ago

store secrets & make them available to Puppet

Categories

(Socorro :: Infra, task)

x86
macOS
task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dmaher, Assigned: dmaher)


We need a way to store secrets (tokens, keys, whatever) that is accessible to Puppet. It makes sense to leverage Hiera for this purpose. Ideally we'd have both a Consul and an S3 back-end to Hiera, with priority going to Consul - fallback to S3 backup in the event that Consul is down (or hasn't been provisioned yet).
The aforementioned hiera-s3 plugin isn't that great so I rolled my own[0]. Hooray for open source!
[0] https://github.com/phrawzty/hiera-s3
Quick RPM spec for hiera-consul: https://github.com/phrawzty/hiera-consul-rpm
We now have a working model as well as the necessary packages and configs for using Hiera to access Consul and S3 (in that order). Yay!
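The lookup order this bug settles on (Consul first, S3 when Consul is down or has no answer) can be modelled as below. This is an added example, not code from the bug, from Hiera, or from either plugin; `FakeBackend`, `lookup_secret` and the sample keys and values are hypothetical and constructed for illustration.

```ruby
# Added illustration: a minimal model of ordered-backend lookup with fallback.
# It does not use the hiera gem or talk to Consul/S3; backends are in-memory.

class BackendDown < StandardError; end

# Constructed stand-in for a key/value backend (Consul KV or an S3 bucket).
class FakeBackend
  attr_reader :name

  def initialize(name, data, up: true)
    @name = name
    @data = data
    @up = up
  end

  def lookup(key)
    raise BackendDown, "#{@name} unreachable" unless @up
    @data[key] # nil means "this backend has no answer"
  end
end

# Walk the backends in priority order; the first non-nil answer wins.
# An unreachable backend is recorded in `log` and skipped so the next one
# can answer. The source is returned with the value so a caller can tell
# when a secret came from the backup copy rather than the primary store.
def lookup_secret(key, backends, log: [])
  backends.each do |backend|
    begin
      value = backend.lookup(key)
    rescue BackendDown => e
      log << "skip #{backend.name}: #{e.message}"
      next
    end
    return { value: value, source: backend.name } unless value.nil?
  end
  raise KeyError, "#{key} not found in any backend"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: Consul is down, S3 holds the backup copy.
  consul = FakeBackend.new("consul", {}, up: false)
  s3 = FakeBackend.new("s3", { "db_password" => "example-value" })
  log = []
  puts lookup_secret("db_password", [consul, s3], log: log).inspect
  puts log.inspect
end
```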
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED