Page MenuHomeDevCentral
Create Task
Maniphest T1425

Provision secrets through Salt
Closed, ResolvedPublic
Actions

Description

Initial future plan at T928 and T930 is to deploy a Vault server to handle secrets.

Currently, we've a way to store credentials in DevCentral, and a bridge through the @zemke-rhyne account to fetch credentials from CLI (through a SSH connection to Ysul, then through an Conduit call, see rZR).

So, waiting T930 resolution, we can query secrets in Salt using rZR, keeping in mind we want to transition to another solution later.

Revisions and Commits

rOPS Nasqueron Operations
D2800rOPS051691cf49c0 Switch credentials from Zemke-Rhyme to Vault
D2671rOPS15526ba96582 Avoid a server to keep access to stale Vault policies
D2669rOPS7e0c3d8bb793 Avoid to share credentials between dev and prod Docker engines
D2649rOPS0e4eca7aea58 Provide compatibility methods with Zemke-Rhyme for Vault
D2638rOPSaf9db00760be Deploy policies for Vault
D1738rOPS4d55fdc16e13 Map the Phabricator credentials ID
D1736rOPSb92938323d10 Provide Etherpad API key to container
D1150rOPSe1cbddef01ce Deploy Zemke-Rhyne to Ysul
D1678rOPS886eef9b8caf Create zemke-rhyne directory on Docker servers
D1679rOPSe41e9df45cfa Provision Zemke Rhyne key on Docker servers
D1681rOPSae7ed5e6e225 Provision servers and credentials list to Zemke-Rhyne
D1718rOPSc204df2205cb Provide execution module for Zemke-Rhyne
D1677rOPS2027b2c50789 Migrate cachet to Equatower
rSTAGING Staging area
D1688rSTAGINGec46b74e38ec Bump Zemke-Rhyne to 1e6782ca7054
D1686rSTAGING4a7752d6176f Bump Zemke-Rhyne to b4a14c67baec
rZR Zemke-Rhyne
D1685rZRb4a14c67baec Migrate data/servers.json to Salt deployment
D1687rZR1e6782ca7054 Provide a make clean command

Related Objects

Event Timeline

dereckson created this task.Sep 12 2018, 09:54
dereckson added commits: rOPS2027b2c50789: Migrate cachet to Equatower, rOPSc204df2205cb: Provide execution module for Zemke-Rhyne, rOPSae7ed5e6e225: Provision servers and credentials list to Zemke-Rhyne, rSTAGING4a7752d6176f: Bump Zemke-Rhyne to b4a14c67baec, rSTAGINGec46b74e38ec: Bump Zemke-Rhyne to 1e6782ca7054, rOPSe41e9df45cfa: Provision Zemke Rhyne key on Docker servers, rOPS886eef9b8caf: Create zemke-rhyne directory on Docker servers, rOPSe1cbddef01ce: Deploy Zemke-Rhyne to Ysul, rOPSb92938323d10: Provide Etherpad API key to container.
dereckson added a revision: D1738: Map the Phabricator credentials ID.Sep 12 2018, 09:56
dereckson added a commit: rOPS4d55fdc16e13: Map the Phabricator credentials ID.Sep 12 2018, 10:00
dereckson added a commit: rZR1e6782ca7054: Provide a make clean command.Sep 12 2018, 10:03
dereckson added a commit: rZRb4a14c67baec: Migrate data/servers.json to Salt deployment.
dereckson updated the task description. (Show Details)Sep 12 2018, 10:26
dereckson added a revision: D2638: Deploy policies for Vault.Mar 26 2022, 15:09
dereckson added a commit: rOPSaf9db00760be: Deploy policies for Vault.Apr 3 2022, 10:33
dereckson added a revision: D2649: Provide compatibility methods with Zemke-Rhyme for Vault.Apr 3 2022, 18:59
dereckson added a commit: rOPS0e4eca7aea58: Provide compatibility methods with Zemke-Rhyme for Vault.Apr 3 2022, 19:22
dereckson added a revision: D2669: Avoid to share credentials between dev and prod Docker engines.Apr 15 2022, 17:53
dereckson added a revision: D2671: Avoid a server to keep access to stale Vault policies.Apr 15 2022, 19:11
dereckson added a commit: rOPS7e0c3d8bb793: Avoid to share credentials between dev and prod Docker engines.Apr 15 2022, 19:50
dereckson added a commit: rOPS15526ba96582: Avoid a server to keep access to stale Vault policies.Apr 19 2022, 18:55
dereckson added a revision: D2800: Switch credentials from Zemke-Rhyme to Vault.Feb 16 2023, 21:27
dereckson added a commit: rOPS051691cf49c0: Switch credentials from Zemke-Rhyme to Vault.Feb 16 2023, 23:03
dereckson closed this task as Resolved.Mar 7 2023, 20:26
dereckson claimed this task.

All secrets are now stored in Vault and provisioned through Salt, with policies restricting access to secrets by node.

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator