Page MenuHomeDevCentral

Deploy Vault to store credentials
Open, HighPublic


We currently use several strategies to store credentials, the reference one being to use the passphrase application on DevCentral.

@Sandlayth is responsible for the deployment, @dereckson will handle the migration of current secrets to Vault.

Vault will contain:

  • passwords for Docker containers
  • credentials to log in to external services (e.g. API keys for a mail service)

Some credentials will still be stored on DevCentral:

  • SSH keys used for Harbourmaster
  • SSH keys as deploy keys for GitHub repositories

Some credentials needed to install Vault will also be stored on file:

  • Credentials to access Vault backend storage

Then, to configure Salt to use Vault, provides a checklist-like howto.

Event Timeline

Current status: a development Vault works, we're going to play with it for a few days, then switch to production one.

dereckson removed Sandlayth as the assignee of this task.Mar 8 2018, 21:11

[ Mass switching long-time assigned tasks to user projects dashboards instead. ]