Page MenuHomeDevCentral

Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path
ClosedPublic

Authored by dereckson on Jan 28 2024, 19:11.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 15, 19:40
Unknown Object (File)
Fri, Nov 15, 16:52
Unknown Object (File)
Thu, Nov 14, 07:59
Unknown Object (File)
Wed, Nov 13, 22:39
Unknown Object (File)
Wed, Nov 13, 20:44
Unknown Object (File)
Wed, Nov 13, 03:09
Unknown Object (File)
Wed, Nov 13, 01:14
Unknown Object (File)
Tue, Nov 12, 15:35
Subscribers
None

Details

Summary

Zemke-Rhyne secrets have been migrated to Vault under ops/secrets/<old name>.

Vault offers a concept of path to organize secrets a hierarchical way,
while under Zemke-Rhyne, the name of the secret used dots.

Ref T930

Test Plan

Refresh Vault policies, deploy a service on PaaS Docker

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This change touches Wolfplex files. As such, administrative approval is needed from Wolfplex technical contact.

In D3302#50408, @Herald wrote:

This change touches Wolfplex files. As such, administrative approval is needed from Wolfplex technical contact.

The change is only technical from Vault perspective: secrets were stored in ops/secrets/<former Zemke-Rhyne name>,
and have now been migrated to new paths using a slash ("/") as separator instead of a dot (".").

For Wolfplex files, it's indeed now needed to use ops/secrets/nasqueron/etherpad/api to get Etherpad API key.

Credentials for Wolfplex are now all located in ops/secrets/wolfplex/.

This revision is now accepted and ready to land.Jan 28 2024, 19:16

Consolidate dot and slash sections in credentials pillar.