Page MenuHomeDevCentral

VaultInfrastructure
ActivePublic

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Jan 28 2024

dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D3302: Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path.
Jan 28 2024, 19:11 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a comment to T930: Secrets to migrate from DevCentral to Vault.

Secrets have been migrated from dot notation to slash notation.

Jan 28 2024, 19:10 · User-Dereckson, Vault, Nasqueron Operations Squad, security

May 29 2023

dereckson closed T1890: Deploy Vault on Eglide as Resolved.
May 29 2023, 17:18 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3154: Help to configure Salt for Vault access on shellserver.
May 29 2023, 17:14 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3153: Help operations to unseal Eglide Vault.
May 29 2023, 14:43 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3152: Configure Vault on shellserver.
May 29 2023, 10:56 · Odderon, IRC, Vault, security, Eglide
dereckson added a comment to T1890: Deploy Vault on Eglide.

Server log

May 29 2023, 10:54 · Odderon, IRC, Vault, security, Eglide
dereckson added a parent task for T1890: Deploy Vault on Eglide: T1739: Add SASL capability to Darkbot.
May 29 2023, 02:29 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3151: Install Vault on shellserver.
May 29 2023, 02:28 · Odderon, IRC, Vault, security, Eglide
dereckson added a parent task for T1890: Deploy Vault on Eglide: T1721: Move IRC bots from Freenode to Libera.
May 29 2023, 00:06 · Odderon, IRC, Vault, security, Eglide
dereckson moved T1890: Deploy Vault on Eglide from Backlog to Next to deploy on the Odderon board.
May 29 2023, 00:06 · Odderon, IRC, Vault, security, Eglide
dereckson triaged T1890: Deploy Vault on Eglide as Normal priority.
May 29 2023, 00:01 · Odderon, IRC, Vault, security, Eglide

May 18 2023

dereckson closed T928: Deploy Vault to store credentials as Resolved.

DRP merged, so we're good :)

May 18 2023, 11:45 · User-Sandlayth, Vault
dereckson closed T1702: Deploy Complector aka la source, a subtask of T923: Switch Vault to restricted network, as Resolved.
May 18 2023, 11:44 · Vault, Nasqueron Docker deployment squad
dereckson closed T1702: Deploy Complector aka la source as Resolved.
May 18 2023, 11:44 · Salt, Vault, security, Servers
dereckson closed T1559: Figure how to deploy automatically /var/51-wwwroot credentials as Resolved by committing rOPS4295a983aa53: Clone wwwroot51 repositories wih proper credentials.
May 18 2023, 09:08 · Operations sprints (Consolidate them all), Vault, Servers

May 13 2023

dereckson added a revision to T1559: Figure how to deploy automatically /var/51-wwwroot credentials: D3094: Clone wwwroot51 repositories wih proper credentials.
May 13 2023, 23:57 · Operations sprints (Consolidate them all), Vault, Servers
dereckson moved T1559: Figure how to deploy automatically /var/51-wwwroot credentials from Backlog to Working on on the Operations sprints (Consolidate them all) board.
May 13 2023, 20:14 · Operations sprints (Consolidate them all), Vault, Servers
dereckson moved T1559: Figure how to deploy automatically /var/51-wwwroot credentials from Backlog to Working on on the Servers board.

Okay, let's do an easy thing to solve that for DevCentral repositories:

May 13 2023, 20:13 · Operations sprints (Consolidate them all), Vault, Servers

Apr 16 2023

dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

The role webserver-alkane instead of the role webserver-legacy can be deployed to WindRiver.

Apr 16 2023, 20:14 · Operations sprints (Consolidate them all), Vault, Servers

Mar 15 2023

dereckson triaged T1797: Accept payloads from Vault as Normal priority.
Mar 15 2023, 20:54 · Vault, Notifications center

Mar 7 2023

dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

Documentation says Zemke-Rhyme Phabricator account should be used.

Mar 7 2023, 20:27 · Operations sprints (Consolidate them all), Vault, Servers
dereckson closed T1425: Provision secrets through Salt as Resolved.

All secrets are now stored in Vault and provisioned through Salt, with policies restricting access to secrets by node.

Mar 7 2023, 20:26 · security, Nasqueron Operations Squad, Vault, Salt
dereckson closed T929: Determine a policy for vault master key, a subtask of T928: Deploy Vault to store credentials, as Wontfix.
Mar 7 2023, 20:24 · User-Sandlayth, Vault
dereckson closed T929: Determine a policy for vault master key as Wontfix.

The point is currently moot as we don't have an operations SIG large enough to allow key shares.

Mar 7 2023, 20:24 · Vault
dereckson lowered the priority of T928: Deploy Vault to store credentials from High to Normal.

Current status: ZR has been decom, we now deploy credentials through from Vault.

Mar 7 2023, 20:23 · User-Sandlayth, Vault
dereckson closed T930: Secrets to migrate from DevCentral to Vault, a subtask of T928: Deploy Vault to store credentials, as Resolved.
Mar 7 2023, 20:19 · User-Sandlayth, Vault
dereckson closed T930: Secrets to migrate from DevCentral to Vault as Resolved.
Mar 7 2023, 20:19 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a comment to T930: Secrets to migrate from DevCentral to Vault.

And with the Zemke-Rhyne decom, we're done.

Mar 7 2023, 20:19 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D2854: Decommission Zemke-Rhyne.
Mar 7 2023, 20:14 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Mar 3 2023

dereckson closed T1594: Acquisitariat and Etherpad issue as Resolved.

Those issues are resolved now we use Vault to provision passwords.

Mar 3 2023, 20:15 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad

Feb 24 2023

dereckson closed T1743: Publish Vault certificate information as Resolved by committing rOPSfc39dddc37d9: Publish Vault certificate information.
Feb 24 2023, 20:14 · Servers, Salt, Vault
dereckson added a revision to T1743: Publish Vault certificate information: D2812: Publish Vault certificate information.
Feb 24 2023, 20:13 · Servers, Salt, Vault
dereckson claimed T1743: Publish Vault certificate information.
Feb 24 2023, 20:09 · Servers, Salt, Vault

Feb 16 2023

dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D2800: Switch credentials from Zemke-Rhyme to Vault.
Feb 16 2023, 21:27 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T1425: Provision secrets through Salt: D2800: Switch credentials from Zemke-Rhyme to Vault.
Feb 16 2023, 21:27 · security, Nasqueron Operations Squad, Vault, Salt

Feb 9 2023

dereckson closed T1733: Store credentials in Vault as Resolved.
Feb 9 2023, 22:25 · security, Vault, Dæghrefn

Nov 13 2022

dereckson created T1743: Publish Vault certificate information.
Nov 13 2022, 11:54 · Servers, Salt, Vault

May 30 2022

dereckson triaged T1736: Audit Vault as Normal priority.
May 30 2022, 21:50 · Vault
dereckson closed T923: Switch Vault to restricted network, a subtask of T928: Deploy Vault to store credentials, as Resolved.
May 30 2022, 21:49 · User-Sandlayth, Vault
dereckson closed T923: Switch Vault to restricted network as Resolved.
May 30 2022, 21:49 · Vault, Nasqueron Docker deployment squad

May 12 2022

dereckson added a revision to T1733: Store credentials in Vault: D2687: Configure ViperServ eggdrops to use Vault.
May 12 2022, 22:54 · security, Vault, Dæghrefn
dereckson added a revision to T1733: Store credentials in Vault: D2686: Fetch credentials from Vault.
May 12 2022, 22:22 · security, Vault, Dæghrefn
dereckson triaged T1733: Store credentials in Vault as Normal priority.
May 12 2022, 22:22 · security, Vault, Dæghrefn

Apr 15 2022

dereckson closed T1619: Connect all baremetal servers to Drake network, a subtask of T1702: Deploy Complector aka la source, as Resolved.
Apr 15 2022, 19:20 · Salt, Vault, security, Servers
dereckson added a comment to T1702: Deploy Complector aka la source.

Vault is live and Salt deployments were successful to cloudhugger dwellers windriver ysul (and Complector itself).

Apr 15 2022, 19:19 · Salt, Vault, security, Servers
dereckson added a revision to T1702: Deploy Complector aka la source: D2672: Prune salt-primary role on Ysul and WindRiver.
Apr 15 2022, 19:16 · Salt, Vault, security, Servers
dereckson added a revision to T1425: Provision secrets through Salt: D2671: Avoid a server to keep access to stale Vault policies.
Apr 15 2022, 19:11 · security, Nasqueron Operations Squad, Vault, Salt
dereckson added a revision to T1425: Provision secrets through Salt: D2669: Avoid to share credentials between dev and prod Docker engines.
Apr 15 2022, 17:53 · security, Nasqueron Operations Squad, Vault, Salt

Apr 3 2022

dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Apr 3 2022, 19:49 · User-Dereckson, Vault, Nasqueron Operations Squad, security