Change Details

We currently use several strategies to store credentials, the reference one being to use the passphrase application on DevCentral. @Sandlayth is responsible for the deployment, @Dereckson will handle the migration of current secrets to Vault. Vault will contain: - passwords for Docker containers - credentials to log in to external services (e.g. API keys for a mail service) Some credentials will still be stored on DevCentral: - SSH keys used for Harbourmaster - SSH keys as deploy keys for GitHub repositories Some credentials needed to install Vault will also be stored on file: - Credentials to access Vault backend storage

We currently use several strategies to store credentials, the reference one being to use the passphrase application on DevCentral. @Sandlayth is responsible for the deployment, @Dereckson will handle the migration of current secrets to Vault. Vault will contain: - passwords for Docker containers - credentials to log in to external services (e.g. API keys for a mail service) Some credentials will still be stored on DevCentral: - SSH keys used for Harbourmaster - SSH keys as deploy keys for GitHub repositories Some credentials needed to install Vault will also be stored on file: - Credentials to access Vault backend storage Then, to configure Salt to use Vault, https://medium.com/@aratik711/saltstack-and-vault-integration-20eeb2e7ec9c provides a checklist-like howto.

We currently use several strategies to store credentials, the reference one being to use the passphrase application on DevCentral. @Sandlayth is responsible for the deployment, @Dereckson will handle the migration of current secrets to Vault. Vault will contain: - passwords for Docker containers - credentials to log in to external services (e.g. API keys for a mail service) Some credentials will still be stored on DevCentral: - SSH keys used for Harbourmaster - SSH keys as deploy keys for GitHub repositories Some credentials needed to install Vault will also be stored on file: - Credentials to access Vault backend storage Then, to configure Salt to use Vault, https://medium.com/@aratik711/saltstack-and-vault-integration-20eeb2e7ec9c provides a checklist-like howto.