Hello,

On Fri, Jul 11, 2014 at 12:36 PM, Kapil Thangavelu <[email protected]> wrote:

> On Fri, Jul 11, 2014 at 4:44 AM, Tudor Rogoz <[email protected]> wrote:
>> [...]
>
> Juju doesn't allow for extraction of provider credentials from the state
> server as a security measure. It's typically much better to define these as
> charm config properties, because you can use a separate iam account that's
> permission scoped to the usage you want rather than proliferating a more
> privileged account. Even better is using iam roles
> (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
> with manual provisioning and workload placement (deploy --to) against the
> ec2 provider and avoiding the credential management entirely.
>
Also related, but not directly implied, there is a lost-in-time mailing list thread regarding secret configuration buckets ( https://lists.ubuntu.com/archives/juju/2014-May/003885.html ).

I am not sure if somebody had a chance to work on implementing a solution like puppet-hiera ( http://docs.puppetlabs.com/hiera/1/ ) or any other approach for sensitive data being used in configuration files.

Cheers

--
Jorge Niedbalski R.
