On 8/6/2010 4:47 PM, Bob Belnap wrote:
> Is anyone else doing this?  Is it a good idea?  What are the potential
> pitfalls?

Me too.

An important consideration is that if you distribute secrets (DB passwords, etc.) with Puppet, every application using Puppet's key can also access them.


Another drawback is that you bind the service to the identity of your server and your shop to Puppet's CA. This reduces your flexibility to move services between machines and it doesn't help if you need a customer-facing certificate from an official CA.


Best Regards, David
--
dasz.at OG              Tel: +43 (0)664 2602670     Web: http://dasz.at
Klosterneuburg                                         UID: ATU64260999

       FB-Nr.: FN 309285 g          FB-Gericht: LG Korneuburg

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.