Page MenuHomeDevCentral
Projects Continous integration and delivery Vault

VaultInfrastructure
ActivePublic
Watch Project

Members (2)

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity
View All

Wed, Jul 24

dereckson updated the task description for T1983: Enable telemetry on Vault.
Wed, Jul 24, 00:00 · Vault, Monitoring and reporting

Tue, Jul 23

dereckson triaged T1983: Enable telemetry on Vault as Low priority.
Tue, Jul 23, 23:57 · Vault, Monitoring and reporting

Sun, Jul 7

dereckson added a revision to T1975: Allow ops to login to Vault: D3357: Allow to issue Vault token with admin policy.
Sun, Jul 7, 14:23 · Salt, Vault
dereckson triaged T1976: Update Salt to 3007 on FreeBSD servers as Normal priority.
Sun, Jul 7, 13:29 · Salt, Vault
dereckson added a revision to T1975: Allow ops to login to Vault: D3355: Allow Salt policy to create admin-level tokens.
Sun, Jul 7, 13:19 · Salt, Vault
dereckson moved T1975: Allow ops to login to Vault from Backlog to Services to add on the Salt board.
Sun, Jul 7, 13:17 · Salt, Vault
dereckson triaged T1975: Allow ops to login to Vault as High priority.
Sun, Jul 7, 13:17 · Salt, Vault

Jun 2 2024

dereckson added a comment to P352 Renew Vault certificates automation - renew.py.
  • pprint isn't used anymore
  • need to run black
  • description needs to be updated
  • TTL can be much shorter if we automate this procedure
Jun 2 2024, 22:43 · Servers, Vault
dereckson added a comment to P351 Renew Vault certificates automation - renew.sh.

sudo kill -1 $(cat /var/run/vault.pid)

Error management should be done to check if that pids exist or return an error code.

Jun 2 2024, 22:40 · Servers, Vault
dereckson added a comment to P351 Renew Vault certificates automation - renew.sh.

Needs hvac and pyyaml as packages to be installed on the server, Complector doesn't currently have hvac, only pyyaml.

Jun 2 2024, 22:38 · Servers, Vault
dereckson triaged T1966: Automate certificates renewal for Vault as Normal priority.
Jun 2 2024, 22:37 · Vault
dereckson created P352 Renew Vault certificates automation - renew.py.
Jun 2 2024, 22:35 · Servers, Vault
dereckson created P351 Renew Vault certificates automation - renew.sh.
Jun 2 2024, 22:34 · Servers, Vault

Jan 28 2024

dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D3302: Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path.
Jan 28 2024, 19:11 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a comment to T930: Secrets to migrate from DevCentral to Vault.

Secrets have been migrated from dot notation to slash notation.

Jan 28 2024, 19:10 · User-Dereckson, Vault, Nasqueron Operations Squad, security

May 29 2023

dereckson closed T1890: Deploy Vault on Eglide as Resolved.
May 29 2023, 17:18 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3154: Help to configure Salt for Vault access on shellserver.
May 29 2023, 17:14 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3153: Help operations to unseal Eglide Vault.
May 29 2023, 14:43 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3152: Configure Vault on shellserver.
May 29 2023, 10:56 · Odderon, IRC, Vault, security, Eglide
dereckson added a comment to T1890: Deploy Vault on Eglide.

Server log

May 29 2023, 10:54 · Odderon, IRC, Vault, security, Eglide
dereckson added a parent task for T1890: Deploy Vault on Eglide: T1739: Add SASL capability to Darkbot.
May 29 2023, 02:29 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3151: Install Vault on shellserver.
May 29 2023, 02:28 · Odderon, IRC, Vault, security, Eglide
dereckson added a parent task for T1890: Deploy Vault on Eglide: T1721: Move IRC bots from Freenode to Libera.
May 29 2023, 00:06 · Odderon, IRC, Vault, security, Eglide
dereckson moved T1890: Deploy Vault on Eglide from Backlog to Next to deploy on the Odderon board.
May 29 2023, 00:06 · Odderon, IRC, Vault, security, Eglide
dereckson triaged T1890: Deploy Vault on Eglide as Normal priority.
May 29 2023, 00:01 · Odderon, IRC, Vault, security, Eglide

May 18 2023

dereckson closed T928: Deploy Vault to store credentials as Resolved.

DRP merged, so we're good :)

May 18 2023, 11:45 · User-Sandlayth, Vault
dereckson closed T1702: Deploy Complector aka la source, a subtask of T923: Switch Vault to restricted network, as Resolved.
May 18 2023, 11:44 · Vault, Nasqueron Docker deployment squad
dereckson closed T1702: Deploy Complector aka la source as Resolved.
May 18 2023, 11:44 · Salt, Vault, security, Servers
dereckson closed T1559: Figure how to deploy automatically /var/51-wwwroot credentials as Resolved by committing rOPS4295a983aa53: Clone wwwroot51 repositories wih proper credentials.
May 18 2023, 09:08 · Operations sprints (Consolidate them all), Vault, Servers

May 13 2023

dereckson added a revision to T1559: Figure how to deploy automatically /var/51-wwwroot credentials: D3094: Clone wwwroot51 repositories wih proper credentials.
May 13 2023, 23:57 · Operations sprints (Consolidate them all), Vault, Servers
dereckson moved T1559: Figure how to deploy automatically /var/51-wwwroot credentials from Backlog to Working on on the Operations sprints (Consolidate them all) board.
May 13 2023, 20:14 · Operations sprints (Consolidate them all), Vault, Servers
dereckson moved T1559: Figure how to deploy automatically /var/51-wwwroot credentials from Backlog to Working on on the Servers board.

Okay, let's do an easy thing to solve that for DevCentral repositories:

May 13 2023, 20:13 · Operations sprints (Consolidate them all), Vault, Servers

Apr 16 2023

dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

The role webserver-alkane instead of the role webserver-legacy can be deployed to WindRiver.

Apr 16 2023, 20:14 · Operations sprints (Consolidate them all), Vault, Servers

Mar 15 2023

dereckson triaged T1797: Accept payloads from Vault as Normal priority.
Mar 15 2023, 20:54 · Vault, Notifications center

Mar 7 2023

dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

Documentation says Zemke-Rhyme Phabricator account should be used.

Mar 7 2023, 20:27 · Operations sprints (Consolidate them all), Vault, Servers
dereckson closed T1425: Provision secrets through Salt as Resolved.

All secrets are now stored in Vault and provisioned through Salt, with policies restricting access to secrets by node.

Mar 7 2023, 20:26 · security, Nasqueron Operations Squad, Vault, Salt
dereckson closed T929: Determine a policy for vault master key, a subtask of T928: Deploy Vault to store credentials, as Wontfix.
Mar 7 2023, 20:24 · User-Sandlayth, Vault
dereckson closed T929: Determine a policy for vault master key as Wontfix.

The point is currently moot as we don't have an operations SIG large enough to allow key shares.

Mar 7 2023, 20:24 · Vault
dereckson lowered the priority of T928: Deploy Vault to store credentials from High to Normal.

Current status: ZR has been decom, we now deploy credentials through from Vault.

Mar 7 2023, 20:23 · User-Sandlayth, Vault
dereckson closed T930: Secrets to migrate from DevCentral to Vault, a subtask of T928: Deploy Vault to store credentials, as Resolved.
Mar 7 2023, 20:19 · User-Sandlayth, Vault
dereckson closed T930: Secrets to migrate from DevCentral to Vault as Resolved.
Mar 7 2023, 20:19 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a comment to T930: Secrets to migrate from DevCentral to Vault.

And with the Zemke-Rhyne decom, we're done.

Mar 7 2023, 20:19 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D2854: Decommission Zemke-Rhyne.
Mar 7 2023, 20:14 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Mar 3 2023

dereckson closed T1594: Acquisitariat and Etherpad issue as Resolved.

Those issues are resolved now we use Vault to provision passwords.

Mar 3 2023, 20:15 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad

Feb 24 2023

dereckson closed T1743: Publish Vault certificate information as Resolved by committing rOPSfc39dddc37d9: Publish Vault certificate information.
Feb 24 2023, 20:14 · Servers, Salt, Vault
dereckson added a revision to T1743: Publish Vault certificate information: D2812: Publish Vault certificate information.
Feb 24 2023, 20:13 · Servers, Salt, Vault
dereckson claimed T1743: Publish Vault certificate information.
Feb 24 2023, 20:09 · Servers, Salt, Vault

Feb 16 2023

dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D2800: Switch credentials from Zemke-Rhyme to Vault.
Feb 16 2023, 21:27 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T1425: Provision secrets through Salt: D2800: Switch credentials from Zemke-Rhyme to Vault.
Feb 16 2023, 21:27 · security, Nasqueron Operations Squad, Vault, Salt

Feb 9 2023

dereckson closed T1733: Store credentials in Vault as Resolved.
Feb 9 2023, 22:25 · security, Vault, Dæghrefn
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator