Ansible check dat dev-secrets niet in productie terechtkomen

[baszoetekouw]

Uit de audit:

the testing team observed that secrets in the production environment were stored securely using Ansible Vault. However, [the team] was unable to determine whether sufficient measures had been established to ensure that development secrets were replaced when building the application. In this regard, one can recommend ensuring that automated procedures are implemented to prevent any developer from launching code using the placeholder secrets; code comments should not be considered the most effective method by which to achieve this.

[baszoetekouw]

Zie https://wiki.surfnet.nl/display/conextdocumentation/RFC+Handling+production+infrastucture+information+and+secrets

Even kijken we we daar met SRAM bij kunnen aansluiten