Closed mapellidario closed 1 month ago
Copy from CRAB weekly minutes. Secrets management:
Secret management so far:
sops+age
to sops+gpg
, avoid sharing master key between us. Dario, if you need any help to close this issue, feel free to ask.
this was done. @novicecpp do you agree to close ?
Maybe open a new one about how best to avoid forgetting to update secrets in Aroosha's repo when we update something on our side ?
Sorry, I do not remember why this still open.
In conclusion,
crab-secrets
repo.crab-secret
is encrypted with sops using gpg, which work quite well when we have a new guy join team.looks like we forgot to close. Thanks
overview
In order to ease the operations, especially during during emergencies, we can streamline how we manage secrets and configurations around CRAB.
This is a broad issue and many smaller action items can be spawned to achieve this goal.
For example, references to REST secrets and config are found in the following places, while ideally only one is necessary.
action items:
REST
TW, PUB
past
We already have some open issues that are somewhat related to this one: