Closed danielballan closed 5 years ago
I added a bunch of people from DAMA to have them read this important information.
@danielballan, by the way, how often is the vault password going to be changed? And where does its public counterpart live in the playbooks?
Currently it has one public counterpart which does not guard anything of great importance, just the postgres database that stores user state in JupyterHub, which does not contain anything sensitive at present (no auth info). I employed encryption as general good practice --- a password is a password.
In fact, the postgres usage will go away when we move JupyterHub out of ansible (and to Kube or whatever) at which point we'll be using the vault_password_file
for nothing. Then we should re-evaluate whether we want to keep in case we'll want it for something else later or just remove it and thereby simplify the usage.
The password has never been changed, due to the low stakes of leaking it. We should rethink that if it ever guards anything more important.
The docs still said LastPass but we now use Keybase.