Page MenuHomeDevCentral
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Jan 28 2024

dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D3302: Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path.
Jan 28 2024, 19:11 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a comment to T930: Secrets to migrate from DevCentral to Vault.

Secrets have been migrated from dot notation to slash notation.

Jan 28 2024, 19:10 · User-Dereckson, Vault, Nasqueron Operations Squad, security

May 29 2023

dereckson closed T1890: Deploy Vault on Eglide as Resolved.
May 29 2023, 17:18 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3154: Help to configure Salt for Vault access on shellserver.
May 29 2023, 17:14 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3153: Help operations to unseal Eglide Vault.
May 29 2023, 14:43 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3152: Configure Vault on shellserver.
May 29 2023, 10:56 · Odderon, IRC, Vault, security, Eglide
dereckson added a comment to T1890: Deploy Vault on Eglide.

Server log

May 29 2023, 10:54 · Odderon, IRC, Vault, security, Eglide
dereckson added a parent task for T1890: Deploy Vault on Eglide: T1739: Add SASL capability to Darkbot.
May 29 2023, 02:29 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3151: Install Vault on shellserver.
May 29 2023, 02:28 · Odderon, IRC, Vault, security, Eglide
dereckson added a parent task for T1890: Deploy Vault on Eglide: T1721: Move IRC bots from Freenode to Libera.
May 29 2023, 00:06 · Odderon, IRC, Vault, security, Eglide
dereckson moved T1890: Deploy Vault on Eglide from Backlog to Next to deploy on the Odderon board.
May 29 2023, 00:06 · Odderon, IRC, Vault, security, Eglide
dereckson triaged T1890: Deploy Vault on Eglide as Normal priority.
May 29 2023, 00:01 · Odderon, IRC, Vault, security, Eglide

May 18 2023

dereckson closed T928: Deploy Vault to store credentials as Resolved.

DRP merged, so we're good :)

May 18 2023, 11:45 · User-Sandlayth, Vault
dereckson closed T1702: Deploy Complector aka la source, a subtask of T923: Switch Vault to restricted network, as Resolved.
May 18 2023, 11:44 · Vault, Nasqueron Docker deployment squad
dereckson closed T1702: Deploy Complector aka la source as Resolved.
May 18 2023, 11:44 · Salt, Vault, security, Servers
dereckson closed T1559: Figure how to deploy automatically /var/51-wwwroot credentials as Resolved by committing rOPS4295a983aa53: Clone wwwroot51 repositories wih proper credentials.
May 18 2023, 09:08 · Operations sprints (Consolidate them all), Vault, Servers

May 13 2023

dereckson added a revision to T1559: Figure how to deploy automatically /var/51-wwwroot credentials: D3094: Clone wwwroot51 repositories wih proper credentials.
May 13 2023, 23:57 · Operations sprints (Consolidate them all), Vault, Servers
dereckson moved T1559: Figure how to deploy automatically /var/51-wwwroot credentials from Backlog to Working on on the Operations sprints (Consolidate them all) board.
May 13 2023, 20:14 · Operations sprints (Consolidate them all), Vault, Servers
dereckson moved T1559: Figure how to deploy automatically /var/51-wwwroot credentials from Backlog to Working on on the Servers board.

Okay, let's do an easy thing to solve that for DevCentral repositories:

May 13 2023, 20:13 · Operations sprints (Consolidate them all), Vault, Servers

Apr 16 2023

dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

The role webserver-alkane instead of the role webserver-legacy can be deployed to WindRiver.

Apr 16 2023, 20:14 · Operations sprints (Consolidate them all), Vault, Servers

Mar 15 2023

dereckson triaged T1797: Accept payloads from Vault as Normal priority.
Mar 15 2023, 20:54 · Vault, Notifications center

Mar 7 2023

dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

Documentation says Zemke-Rhyme Phabricator account should be used.

Mar 7 2023, 20:27 · Operations sprints (Consolidate them all), Vault, Servers
dereckson closed T1425: Provision secrets through Salt as Resolved.

All secrets are now stored in Vault and provisioned through Salt, with policies restricting access to secrets by node.

Mar 7 2023, 20:26 · security, Nasqueron Operations Squad, Vault, Salt
dereckson closed T929: Determine a policy for vault master key, a subtask of T928: Deploy Vault to store credentials, as Wontfix.
Mar 7 2023, 20:24 · User-Sandlayth, Vault
dereckson closed T929: Determine a policy for vault master key as Wontfix.

The point is currently moot as we don't have an operations SIG large enough to allow key shares.

Mar 7 2023, 20:24 · Vault
dereckson lowered the priority of T928: Deploy Vault to store credentials from High to Normal.

Current status: ZR has been decom, we now deploy credentials through from Vault.

Mar 7 2023, 20:23 · User-Sandlayth, Vault
dereckson closed T930: Secrets to migrate from DevCentral to Vault, a subtask of T928: Deploy Vault to store credentials, as Resolved.
Mar 7 2023, 20:19 · User-Sandlayth, Vault
dereckson closed T930: Secrets to migrate from DevCentral to Vault as Resolved.
Mar 7 2023, 20:19 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a comment to T930: Secrets to migrate from DevCentral to Vault.

And with the Zemke-Rhyne decom, we're done.

Mar 7 2023, 20:19 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D2854: Decommission Zemke-Rhyne.
Mar 7 2023, 20:14 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Mar 3 2023

dereckson closed T1594: Acquisitariat and Etherpad issue as Resolved.

Those issues are resolved now we use Vault to provision passwords.

Mar 3 2023, 20:15 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad

Feb 24 2023

dereckson closed T1743: Publish Vault certificate information as Resolved by committing rOPSfc39dddc37d9: Publish Vault certificate information.
Feb 24 2023, 20:14 · Servers, Salt, Vault
dereckson added a revision to T1743: Publish Vault certificate information: D2812: Publish Vault certificate information.
Feb 24 2023, 20:13 · Servers, Salt, Vault
dereckson claimed T1743: Publish Vault certificate information.
Feb 24 2023, 20:09 · Servers, Salt, Vault

Feb 16 2023

dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D2800: Switch credentials from Zemke-Rhyme to Vault.
Feb 16 2023, 21:27 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T1425: Provision secrets through Salt: D2800: Switch credentials from Zemke-Rhyme to Vault.
Feb 16 2023, 21:27 · security, Nasqueron Operations Squad, Vault, Salt

Feb 9 2023

dereckson closed T1733: Store credentials in Vault as Resolved.
Feb 9 2023, 22:25 · security, Vault, Dæghrefn

Nov 13 2022

dereckson created T1743: Publish Vault certificate information.
Nov 13 2022, 11:54 · Servers, Salt, Vault

May 30 2022

dereckson triaged T1736: Audit Vault as Normal priority.
May 30 2022, 21:50 · Vault
dereckson closed T923: Switch Vault to restricted network, a subtask of T928: Deploy Vault to store credentials, as Resolved.
May 30 2022, 21:49 · User-Sandlayth, Vault
dereckson closed T923: Switch Vault to restricted network as Resolved.
May 30 2022, 21:49 · Vault, Nasqueron Docker deployment squad

May 12 2022

dereckson added a revision to T1733: Store credentials in Vault: D2687: Configure ViperServ eggdrops to use Vault.
May 12 2022, 22:54 · security, Vault, Dæghrefn
dereckson added a revision to T1733: Store credentials in Vault: D2686: Fetch credentials from Vault.
May 12 2022, 22:22 · security, Vault, Dæghrefn
dereckson triaged T1733: Store credentials in Vault as Normal priority.
May 12 2022, 22:22 · security, Vault, Dæghrefn

Apr 15 2022

dereckson closed T1619: Connect all baremetal servers to Drake network, a subtask of T1702: Deploy Complector aka la source, as Resolved.
Apr 15 2022, 19:20 · Salt, Vault, security, Servers
dereckson added a comment to T1702: Deploy Complector aka la source.

Vault is live and Salt deployments were successful to cloudhugger dwellers windriver ysul (and Complector itself).

Apr 15 2022, 19:19 · Salt, Vault, security, Servers
dereckson added a revision to T1702: Deploy Complector aka la source: D2672: Prune salt-primary role on Ysul and WindRiver.
Apr 15 2022, 19:16 · Salt, Vault, security, Servers
dereckson added a revision to T1425: Provision secrets through Salt: D2671: Avoid a server to keep access to stale Vault policies.
Apr 15 2022, 19:11 · security, Nasqueron Operations Squad, Vault, Salt
dereckson added a revision to T1425: Provision secrets through Salt: D2669: Avoid to share credentials between dev and prod Docker engines.
Apr 15 2022, 17:53 · security, Nasqueron Operations Squad, Vault, Salt

Apr 3 2022

dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Apr 3 2022, 19:49 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T1425: Provision secrets through Salt: D2649: Provide compatibility methods with Zemke-Rhyme for Vault.
Apr 3 2022, 18:59 · security, Nasqueron Operations Squad, Vault, Salt

Mar 29 2022

dereckson lowered the priority of T929: Determine a policy for vault master key from High to Normal.
Mar 29 2022, 22:56 · Vault
dereckson added a revision to T923: Switch Vault to restricted network: D2615: Deploy Vault and Salt master on Complector.
Mar 29 2022, 22:55 · Vault, Nasqueron Docker deployment squad
dereckson added a revision to T928: Deploy Vault to store credentials: D2624: Deploy Vault.
Mar 29 2022, 22:54 · User-Sandlayth, Vault
dereckson added a revision to T923: Switch Vault to restricted network: D2624: Deploy Vault.
Mar 29 2022, 22:54 · Vault, Nasqueron Docker deployment squad
dereckson added a revision to T1702: Deploy Complector aka la source: D2624: Deploy Vault.
Mar 29 2022, 22:54 · Salt, Vault, security, Servers
dereckson added a revision to T923: Switch Vault to restricted network: D2646: Deploy public and Nasqueron certificates.
Mar 29 2022, 22:50 · Vault, Nasqueron Docker deployment squad
dereckson added a revision to T928: Deploy Vault to store credentials: D2646: Deploy public and Nasqueron certificates.
Mar 29 2022, 22:50 · User-Sandlayth, Vault

Mar 26 2022

dereckson added a revision to T1702: Deploy Complector aka la source: D2639: Allow to recreate Vault configuration as DRP plan B.
Mar 26 2022, 15:19 · Salt, Vault, security, Servers
dereckson added a revision to T928: Deploy Vault to store credentials: D2638: Deploy policies for Vault.
Mar 26 2022, 15:09 · User-Sandlayth, Vault
dereckson added a revision to T1425: Provision secrets through Salt: D2638: Deploy policies for Vault.
Mar 26 2022, 15:09 · security, Nasqueron Operations Squad, Vault, Salt

Mar 24 2022

dereckson moved T930: Secrets to migrate from DevCentral to Vault from Backlog to In progress on the User-Dereckson board.
Mar 24 2022, 00:50 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a project to T930: Secrets to migrate from DevCentral to Vault: User-Dereckson.
Mar 24 2022, 00:49 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Mar 24 2022, 00:48 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Mar 24 2022, 00:46 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson claimed T930: Secrets to migrate from DevCentral to Vault.

Migrated secrets

Mar 24 2022, 00:43 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Mar 22 2022

dereckson added a revision to T1702: Deploy Complector aka la source: D2615: Deploy Vault and Salt master on Complector.
Mar 22 2022, 18:29 · Salt, Vault, security, Servers

Mar 15 2022

dereckson removed a parent task for T928: Deploy Vault to store credentials: T1129: Deploy Odderon on Eglide.
Mar 15 2022, 00:45 · User-Sandlayth, Vault
dereckson added a subtask for T1702: Deploy Complector aka la source: T1619: Connect all baremetal servers to Drake network.
Mar 15 2022, 00:44 · Salt, Vault, security, Servers
dereckson added a parent task for T1702: Deploy Complector aka la source: Unknown Object (Maniphest Task).
Mar 15 2022, 00:44 · Salt, Vault, security, Servers
dereckson added a parent task for T1702: Deploy Complector aka la source: T923: Switch Vault to restricted network.
Mar 15 2022, 00:43 · Salt, Vault, security, Servers
dereckson added a subtask for T923: Switch Vault to restricted network: T1702: Deploy Complector aka la source.
Mar 15 2022, 00:43 · Vault, Nasqueron Docker deployment squad
dereckson updated the task description for T1702: Deploy Complector aka la source.
Mar 15 2022, 00:43 · Salt, Vault, security, Servers
dereckson created T1702: Deploy Complector aka la source.
Mar 15 2022, 00:42 · Salt, Vault, security, Servers

Sep 12 2021

dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Sep 12 2021, 08:46 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Oct 2 2020

dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

So Vault?

Oct 2 2020, 23:12 · Operations sprints (Consolidate them all), Vault, Servers

Sep 22 2020

dereckson moved T1594: Acquisitariat and Etherpad issue from Backlog to Blocked on the Operations sprints (Consolidate them all) board.
Sep 22 2020, 00:57 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson added a comment to T1594: Acquisitariat and Etherpad issue.

All the quoted containers are priority candidates to be moved to Kubernetes cluster.

Sep 22 2020, 00:57 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson triaged T1594: Acquisitariat and Etherpad issue as Low priority.
Sep 22 2020, 00:56 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad

Feb 14 2020

dereckson added a comment to T1594: Acquisitariat and Etherpad issue.

The option is the same for Etherpad and DevCentral:

Feb 14 2020, 15:52 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson added a project to T1594: Acquisitariat and Etherpad issue: Operations sprints (Consolidate them all).
Feb 14 2020, 15:44 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson updated the task description for T1594: Acquisitariat and Etherpad issue.
Feb 14 2020, 15:44 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson created T1594: Acquisitariat and Etherpad issue.
Feb 14 2020, 15:42 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson added a revision to T1559: Figure how to deploy automatically /var/51-wwwroot credentials: D2206: WIP: improve wwwroot 51 clone repository.
Feb 14 2020, 01:39 · Operations sprints (Consolidate them all), Vault, Servers

Jan 31 2020

dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

It seems it's also possible to store the deploy key on the master, as long as it's fine to copy it to the server:

Jan 31 2020, 11:33 · Operations sprints (Consolidate them all), Vault, Servers

Jan 25 2020

dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

D2151 works well, but there are two issues:

Jan 25 2020, 09:36 · Operations sprints (Consolidate them all), Vault, Servers
dereckson moved T1559: Figure how to deploy automatically /var/51-wwwroot credentials from Backlog to Closed tasks to revisit on the Vault board.
Jan 25 2020, 04:27 · Operations sprints (Consolidate them all), Vault, Servers
dereckson added a project to T1559: Figure how to deploy automatically /var/51-wwwroot credentials: Operations sprints (Consolidate them all).
Jan 25 2020, 04:26 · Operations sprints (Consolidate them all), Vault, Servers
dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

Perhaps a master key would be more pertinent, if so, that's a candidate for Vault.

We've a deploy key in salt master, let's use it.

Jan 25 2020, 04:09 · Operations sprints (Consolidate them all), Vault, Servers
dereckson added a revision to T1559: Figure how to deploy automatically /var/51-wwwroot credentials: D2154: Use deploy account to clone wwwroot51.
Jan 25 2020, 04:05 · Operations sprints (Consolidate them all), Vault, Servers

Dec 16 2019

dereckson updated the task description for T1559: Figure how to deploy automatically /var/51-wwwroot credentials.
Dec 16 2019, 14:08 · Operations sprints (Consolidate them all), Vault, Servers
dereckson triaged T1559: Figure how to deploy automatically /var/51-wwwroot credentials as High priority.
Dec 16 2019, 14:08 · Operations sprints (Consolidate them all), Vault, Servers

Oct 5 2018

dereckson updated the task description for T928: Deploy Vault to store credentials.
Oct 5 2018, 19:48 · User-Sandlayth, Vault

Sep 12 2018

dereckson updated the task description for T1425: Provision secrets through Salt.
Sep 12 2018, 10:26 · security, Nasqueron Operations Squad, Vault, Salt
dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Sep 12 2018, 10:25 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T1425: Provision secrets through Salt: D1738: Map the Phabricator credentials ID.
Sep 12 2018, 09:56 · security, Nasqueron Operations Squad, Vault, Salt
dereckson created T1425: Provision secrets through Salt.
Sep 12 2018, 09:54 · security, Nasqueron Operations Squad, Vault, Salt

Apr 27 2017

dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Apr 27 2017, 17:47 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Mar 4 2017

Sandlayth moved T928: Deploy Vault to store credentials from Next to Backlog on the User-Sandlayth board.
Mar 4 2017, 08:01 · User-Sandlayth, Vault

Jan 24 2017

dereckson added a parent task for T928: Deploy Vault to store credentials: T1129: Deploy Odderon on Eglide.
Jan 24 2017, 23:53 · User-Sandlayth, Vault
Next
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator