Yes, it's a fork from Vault 1.14 so we've all the features of token generation. back to the shorter s. tokens).

• about the UI it could be usefull managing secrets more easyly

• pprint isn't used anymore
• need to run black
• description needs to be updated
• TTL can be much shorter if we automate this procedure

sudo kill -1 $(cat /var/run/vault.pid)

Error management should be done to check if that pids exist or return an error code.

Needs hvac and pyyaml as packages to be installed on the server, Complector doesn't currently have hvac, only pyyaml.

Secrets have been migrated from dot notation to slash notation.

Server log

DRP merged, so we're good :)

Okay, let's do an easy thing to solve that for DevCentral repositories:

The role webserver-alkane instead of the role webserver-legacy can be deployed to WindRiver.

Documentation says Zemke-Rhyme Phabricator account should be used.

All secrets are now stored in Vault and provisioned through Salt, with policies restricting access to secrets by node.

The point is currently moot as we don't have an operations SIG large enough to allow key shares.

Current status: ZR has been decom, we now deploy credentials through from Vault.

And with the Zemke-Rhyne decom, we're done.

Those issues are resolved now we use Vault to provision passwords.

Vault is live and Salt deployments were successful to cloudhugger dwellers windriver ysul (and Complector itself).