omit secret data from env.yaml

redhat-cip / config-tools

Config Tools

8 stars 11 forks source link

omit secret data from env.yaml #24

Open gerhardqux opened 9 years ago

gerhardqux commented 9 years ago

We would like to omit passwords and ssh keys from the env.yaml file, and provide them statically on the install-server.

Would it be possible to either:

modify generate.py to read additional configuration from a secrets.yaml file, or
modify hiera to fall back on a secrets.yaml file when the secrets are not defined in the other files?

This way, passwords will never leak out through diffs, backups, public source control, etc.

rafaelrosafu commented 9 years ago

@fcharlier any updates on this item?

fcharlier commented 9 years ago

@rafaelrosafu the second option has a fix in #25, the secrets.yaml file has to be dropped by an operator in the correct folder (the use case was to avoid having the passwords in a git repository)

rafaelrosafu commented 9 years ago

@fcharlier so when #25 gets merged this will be solved right? I'll make sure to track these issues on the internal tickets. Thanks a ton :)

fcharlier commented 9 years ago

@rafaelrosafu you're right! Thanks to you too !