[garndt-q3/2015-goal] Add ability for docker-worker to consume secrets from the provisioner

RESOLVED FIXED

Status

Taskcluster
Docker-Worker
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: garndt, Assigned: garndt)

Tracking

Details

(Assignee)

Description

2 years ago
docker-worker should consume secrets from the provisioner and remove any secret things being baked into the ami images.
Component: TaskCluster → Docker-Worker
Product: Testing → Taskcluster
(Assignee)

Updated

2 years ago
Assignee: nobody → garndt
(Assignee)

Comment 1

2 years ago
Work has been done to either consume secrets from the provisioner [1] or have some necessary secrets baked into the base image [2]

Now there should be no secret left in the AMI that is build for the app (the app AMI just uses the base AMI as the source so it has the secrets).  Anyone with AWS credentials for our account should now be able to create the app AMI and update the provisioner.

[1] https://github.com/taskcluster/docker-worker/pull/115
[2] https://github.com/taskcluster/docker-worker/pull/164
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.