Hi all,

I'd like to find out what are people using right now / consider best practice for passing private data into instances at boot (and how you feel about it).

By private data I mean things like:
- password to your databases / message queue / service endpoint
- keys / bootstrap information for orchestration / deployment
- keys required for backups
- certificate private keys for web services

The current options I'm aware of are:
- metadata / files / scripts passed via the metadata service
- embedding data into the image
- pushing, rather than pulling (credentials bootstrap over ssh)

The first two come with the downside of the uncertain data retention: metadata database may be backed up forever and can't be explicitly deleted by the user, images may be backed up but can be explicitly deleted. The third comes with the downside of being limited to ssh deployment tools.

So what's your process and have you seen projects offering something better?

Best Regards,
Stanisław Pitucha
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack