v6 / super-duper-vault-train

🚄▼▼▼▼▼▼
GNU General Public License v3.0

// , Provisioning should use Configuration as Code #3

Open v6 opened 6 years ago

v6 commented 6 years ago

// , These are provisioned with shell scripts, which is a problematic way to do things for a lot of reasons.

We should still maintain the bash script versions. But using Chef would make a lot of things easier to test with Vault.

v6 commented 5 years ago

// , I've put the provisioning data in the provision_vault/data and provision_consul/data folders, and the scripts which use that data are in the provision_vault/scripts and provision_consul/scripts folders, respectively.

v6 commented 5 years ago

// , HERE BE DRAGONS.

Warning, this is more complex than other stuff in this repo. There are a lot of other solutions out there, and HashiCorp may already be working on one.

v6 commented 5 years ago

// , Here are some existing solutions to this, which automate the provisioning of Vault's internal features via its API:

https://www.hashicorp.com/blog/codifying-vault-policies-and-configuration

https://tech.spaceapegames.com/2017/07/26/vault-configuration-as-code/