Lightning Talk: Storing of Secrets for Retrieval by Configuration Management
SessionHPCSysPros21 Workshop
Presenter
Event Type
Workshop
Online Only
SIGHPC
State of the Practice
System Administration
W
TimeSunday, 14 November 20213:45pm - 4pm CST
LocationOnline
DescriptionWe were storing secrets in a private git repository that has security implications. Admins that would be working on a Puppet control repository would also have the secrets local to their systems even if the secret is encrypted.
Using Vault by Hashicorp with Consul as encrypted storage. This use’s Puppet Server CA certificate as authorization for servers to pull secrets. This also provides flexibility to create policies that control administrative access. A single Vault instance provides secret storage for multiple Puppet Servers as NCSA.
Using Vault by Hashicorp with Consul as encrypted storage. This use’s Puppet Server CA certificate as authorization for servers to pull secrets. This also provides flexibility to create policies that control administrative access. A single Vault instance provides secret storage for multiple Puppet Servers as NCSA.
Presenter