On Sep 7, 2020, at 5:48 AM, Stuart Henderson <stu@spacehopper.org> wrote:
>
> My suggestions would be to keep the config files in a management system
> of some sort. Whether that's a full-blown config management system like
> ansible/salt, one of the simpler tools like rset, judo, rdist, or even
> just commiting config files directly to a version control repository,
Folks,
Do people have opinions on the best way to securely store sensitive config files in a management system or repo? For instance, the various private keys that live in the various nooks and crannies of /etc.
And if they're stored in encrypted form, what's the best way to have them decrypted for zero-touch or minimal-touch config restores?
—Paul
No comments:
Post a Comment