Avoid to share credentials between dev and prod Docker engines
7e0c3d8bb793
Actions

Description

Avoid to share credentials between dev and prod Docker engines

Summary:
The same Vault policy was applied for all Docker engines.

As plan is to repurpose Dwellers as a development Docker engine,
security requirements require separate sets of credentials.

As we don't currently have well defined environments, to assign
to each server a virtual role "paas-docker-<env>" will do nicely.

This is a follow-up for af9db00760be.

Ref T1724, T1425.

Test Plan: salt dwellers credentials.get_password nasqueron.etherpad.api should fail.

Reviewers: dereckson

Reviewed By: dereckson

Maniphest Tasks: T1724, T1425

Differential Revision: https://devcentral.nasqueron.org/D2669

Details

Provenance

DorianWinty	Authored on Apr 15 2022, 19:50
dereckson	Committed on Apr 15 2022, 19:50
dereckson	Pushed on Apr 15 2022, 19:50

Reviewer

dereckson

Differential Revision

D2669: Avoid to share credentials between dev and prod Docker engines

Parents

rOPS271340880cd2: Change default Docker group for nasqueron-dev-docker

Branches

Unknown

Tags

Unknown

Tasks

T1724: Split Docker engines between production (docker-001) and dev (dwellers)
T1425: Provision secrets through Salt

Event Timeline

dereckson committed rOPS7e0c3d8bb793: Avoid to share credentials between dev and prod Docker engines (authored by DorianWinty).Apr 15 2022, 19:50

dereckson added tasks: T1425: Provision secrets through Salt, T1724: Split Docker engines between production (docker-001) and dev (dwellers).

dereckson added an edge: D2669: Avoid to share credentials between dev and prod Docker engines.

Changes (2)

Path

Size

pillar/

credentials/

vault.sls

nodes/

nodes.sls

rOPS7e0c3d8bb793

View Options

pillar/credentials/vault.sls