Page MenuHomeDevCentral

Provision secrets through Salt
Closed, ResolvedPublic


Initial future plan at T928 and T930 is to deploy a Vault server to handle secrets.

Currently, we've a way to store credentials in DevCentral, and a bridge through the @zemke-rhyne account to fetch credentials from CLI (through a SSH connection to Ysul, then through an Conduit call, see rZR).

So, waiting T930 resolution, we can query secrets in Salt using rZR, keeping in mind we want to transition to another solution later.

Event Timeline

dereckson claimed this task.

All secrets are now stored in Vault and provisioned through Salt, with policies restricting access to secrets by node.