Here an inventory of secrets currently stored:
| ID | Title | Description | Proposed action | Status |
| K2 | Zemke-Rhyne SSH key | Key used to connect to zr@ysul.nasqueron.org to use arc commands | Destroy | Not needed after migration |
| K17 | Ysul-Jails-ftp-jenksbak | Ysul — ftp. — Shell account for Jenks backup | Destroy | Destroyed |
| K20 | Nasqueron ship on Zed - Kadira app secret | Values for KADIRA_APP_ID and KADIRA_APP_SECRET environment variables | Migrate | Destroyed |
| K21 | Nasqueron ship on Zed - MongoDB | MongoDB 2.4 cartridge credentials for ship.nasqueron.org | Migrate | |
| K33 | stages@wolfplex.be mailbox password | Mailbox used for stages.wolfplex.be job board. | Migrate | |
| K34 | Wolfplex Stages admin password | Admin account for stages.wolfplex.be | Migrate | |
| K38 | Operations root account on Dwellers | Password to allow from ops@dwellers to gain access to ops-root@dwellers through su ops-root. | Transform into sudo policy | Destroyed, sudo ok |
| K40 | sandstorm.nasqueron.org root access | Digital Ocean droplet to test Sandstorm's root password (not used anymore) | Destroy | Destroyed |
| K45 | SendGrid API key for Zed applications | Used by code.zed.dereckson.be | Migrate | Migrated |
| K47 | Database credentials for Cachet | DB_USERNAME/DB_PASSWORD for cachet container environment variables | Migrate | Migrated |
| K49 | jenkins-agent-php SSH key | Jenkins SSH key to connect to Docker containers using the nasqueron/jenkins-agent-php image. | Migrate | |
| K52 | Drydock CI/CD | Connect to Drydock hosts for CI and CD purposes. | Investigate use | |
| K53 | alken-orin | alken-orin account on GitHub | Migrate | |
| K56 | Notifications center broker access | Access to white-rabbit.nasqueron.org RabbitMQ instance for the Notifications center. | Migrate | Migrated |
| K57 | Alken-Orin's master SSH key | SSH key for Alken-Orin GH/DevCentral accounts to interact with repositories | Investigate use | |
| K58 | Root password for uncle-slovius.nasqueron.org | Jail to test Rocket Chat. See T714. | Transform into sudo policy | Destroyed |
| K61 | Sentry — PostgreSQL | Sentry PostgreSQL password | Migrate | |
| K62 | Sentry — Secret key | Secret key for Sentry instances, to use as -e SENTRY_SECRET_KEY=... to run Docker containers. | Migrate | |
| K63 | SMTP credential for forum.nasqueron.org | smtp.mailgun.org | Migrate | |
| K67 | Auth grove MySQL access | MySQL credentials for 'login' Docker container on Dwellers | Migrate | Migrated |
| K70 | AWS Console | Access to the Amazon S3 account used for Vault (Chicken or the egg problem) | Keep here | |
Actively used keys
Delete these keys must be done with the greatest care, as they would impede normal use:
- Account passwords for humans:
- @amj is looking for K58
- @Sandlayth is looking for K38 and K70
- @dereckson is looking for K70
- Docker run scripts on Dwellers:
- run-login K67 - migrated
- run-notifications K56 - migrated
- run-sentry* K61, K62
- run-zedphab K45 - migrated
- Docker provisioning through rOPS:
- cachet K47 - migrated
- Etherpad K125 - migrated