peterkh / cumulus

Helps manage AWS CloudFormation stacks

Secret parameters #5

Closed s1l0uk closed 9 years ago

s1l0uk commented 10 years ago

Hi Guys, Love the work so far and enjoying playing with this. Just a silly question...

With the idea that we can build infrastructure into config files, do you have a way to put a secret into the mix? For example, a password?

Would this have to be declared in plain text in the YAML configuration file or do you guys have a way of preventing this information leaking into SCM when people are making configs for Cumulus use?

Many thanks in advance and keep up the good work! Thanks, //P

peterkh commented 10 years ago

Hi,

Yep, this is something I've thought about. I quite like the way hiera-eyaml (https://github.com/TomPoulton/hiera-eyaml) handles this and would probably like to see something similar for cumulus. Another option would be to have cumulus prompt the user for certain parameters, but I like that less as the stack then depends on outside information (less ideal in a DR situation). Right now, the passwords need to be stored in clear text in the YAML files.

Cheers Peter

techlunacy commented 10 years ago

Hi all,

I am working on an update that will allow cumulus to read environment variables and merge them in at run time.

https://github.com/techlunacy/cumulus

I think it would solve your problem.

Thoughts?

s1l0uk commented 10 years ago

I like it! Is that with envvars? Currently doing something similar: as we are building within troposphere and using cumulus to orchestrate the stacks, we are already doing a bit of Python w/boto magic on the side and just tied a simple function to do the same from an envvar later down the line.

Cheers for the continued help! //P

techlunacy commented 10 years ago

Yep, using envvars and pystache.
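
The approach described in the comment above (environment variables merged into the config at run time), sketched as an added example that is not from this thread or from cumulus. It uses a minimal standard-library `{{NAME}}` substitution rather than pystache, and the YAML layout, `render`, `MissingSecret` and `DB_PASSWORD` are assumptions made for illustration.

```python
import json
import os
import re

# Constructed sample config: the layout is illustrative, not cumulus's schema.
# Only the placeholder is committed to SCM; the secret lives in the environment.
TEMPLATE = """\
mystack:
  region: eu-west-1
  params:
    DBUser:
      value: app
    DBPassword:
      value: {{DB_PASSWORD}}
"""

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")


class MissingSecret(LookupError):
    """Raised when a placeholder has no non-empty environment value."""


def render(template, env=None):
    """Replace each {{NAME}} with env[NAME], emitted as a quoted YAML scalar."""
    env = os.environ if env is None else env
    missing = sorted({n for n in PLACEHOLDER.findall(template) if not env.get(n)})
    if missing:
        # Fail closed and name only the variables, never any values.
        raise MissingSecret("unset variables: " + ", ".join(missing))
    # json.dumps yields a double-quoted string that is also valid YAML, so
    # characters such as ':', '#' or '"' in a password cannot alter the structure.
    return PLACEHOLDER.sub(lambda m: json.dumps(env[m.group(1)]), template)


if __name__ == "__main__":
    # Constructed value; in real use it is exported in the shell, not written here.
    print(render(TEMPLATE, {"DB_PASSWORD": 'p@ss: "w#rd"'}))
```

The rendered text still contains the secret in clear, so it should be passed on in memory and kept out of logs and temporary files.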

acaire commented 9 years ago

Closing this one for now.