Juju Secrets
Tim Penhey
tim.penhey at canonical.com
Sun Jul 24 20:53:16 UTC 2016
On 25/07/16 06:32, James Beedy wrote:
> Proposed Solution: Juju Secrets
>
> To give Juju a combative edge on the privacy pinwheel of secrets
> distribution in the realm of bleeding edge devops tooling, behold my
> hypothetical proposed solution: |juju secrets|.
> Juju secrets could be used like so:
> |juju add-secret mycloud:mymodel -f secrets.yaml|
>
> I know you guys are pressing hard to get 2.0 out the door, so please
> don’t mind my nonsense here. I just wanted to throw the idea out there
> and possibly get some feedback, and have others weigh in on this topic.
>
> Thoughts?
Interesting idea. How would this really work in practice?
For the secrets to be any use, the units need to be able to get access
to the information right?
Who are we hiding the information from? This is always a key question
that needs to be answered in order to choose a good solution.
Are we hiding information from the Juju users?
Are we trying to hide information from other processes on the same
machines as the agents?
Also, who generates and holds the keys?
Just some more questions.
Tim
More information about the Juju-dev
mailing list