Page MenuHomeDevCentral

Deploy Vault to store credentials
Open, HighPublic

Description

We currently use several strategies to store credentials, the reference one being to use the passphrase application on DevCentral.

@Sandlayth is responsible for the deployment, @dereckson will handle the migration of current secrets to Vault.

Vault will contain:

  • passwords for Docker containers
  • credentials to log in to external services (e.g. API keys for a mail service)

Some credentials will still be stored on DevCentral:

  • SSH keys used for Harbourmaster
  • SSH keys as deploy keys for GitHub repositories

Some credentials needed to install Vault will also be stored on file:

  • Credentials to access Vault backend storage

Then, to configure Salt to use Vault, https://medium.com/@aratik711/saltstack-and-vault-integration-20eeb2e7ec9c provides a checklist-like howto.

Event Timeline

Current status: a development Vault works, we're going to play with it for a few days, then switch to production one.

Sandlayth moved this task from Backlog to Next on the User-Sandlayth board.Aug 31 2016, 14:39
Sandlayth moved this task from Next to Backlog on the User-Sandlayth board.Mar 4 2017, 08:00
dereckson removed Sandlayth as the assignee of this task.Mar 8 2018, 21:11

[ Mass switching long-time assigned tasks to user projects dashboards instead. ]

dereckson updated the task description. (Show Details)Oct 5 2018, 19:48