Alcali is a front-end for Salt to store jobs run result.
It also offers conformity checks: run periodically the highstate to determine if the server is still in deployed state. This is the killer feature we're interested in.
Security challenges for this deployment:
- Risk to store credentials if:
- file.managed using them doesn't use show_output: False
- stored as docker containers environment variables (it doesn't currently offer show_output: False)
- Need to be deployed on Complector or a dedicated Docker engine for infra not publicly reachable -> document SSH tunnel or VPN use
Useful links: