Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Ohad Levy
On Tue, Jun 27, 2017 at 5:54 PM, Greg Sutcliffe wrote: > On Tue, 2017-06-27 at 17:43 +0300, Ohad Levy wrote: > > > > Are you suggesting to host mail infra ourself > > Nope. > > > pay to google > > Nope. > > > or some other alternative? Changing DNS records is a non

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Greg Sutcliffe
On Tue, 2017-06-27 at 17:43 +0300, Ohad Levy wrote: > > Are you suggesting to host mail infra ourself Nope. > pay to google Nope. > or some other alternative? Changing DNS records is a non issue. I'm talking about Mail Redirects or Mail Forwards - https://support.dns

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Ohad Levy
On Tue, Jun 27, 2017 at 5:51 PM, Ewoud Kohl van Wijngaarden < ew...@kohlvanwijngaarden.nl> wrote: > On Tue, Jun 27, 2017 at 02:44:49PM +, Neil Hanlon wrote: > >> Just my $.02, but a lot of registrars provide a free mail forwarding >> service. Could setup a private distribution list through

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Ewoud Kohl van Wijngaarden
On Tue, Jun 27, 2017 at 02:44:49PM +, Neil Hanlon wrote: Just my $.02, but a lot of registrars provide a free mail forwarding service. Could setup a private distribution list through google groups or the like to forward mails to for the shared email. That could work just as well though we

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Neil Hanlon
Just my $.02, but a lot of registrars provide a free mail forwarding service. Could setup a private distribution list through google groups or the like to forward mails to for the shared email. On Tue, Jun 27, 2017 at 10:43 AM Ohad Levy wrote: > On Tue, Jun 27, 2017 at 5:33

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Ohad Levy
On Tue, Jun 27, 2017 at 5:33 PM, Greg Sutcliffe wrote: > On Tue, 2017-06-27 at 13:03 +0200, Ewoud Kohl van Wijngaarden wrote: > > > > What are the options to use a @theforeman.org email address? Looks > > like google now requires money for that where it used to be free.

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Greg Sutcliffe
On Tue, 2017-06-27 at 13:03 +0200, Ewoud Kohl van Wijngaarden wrote: > > What are the options to use a @theforeman.org email address? Looks > like google now requires money for that where it used to be free. > The advantage would be that we can easily change the provider > without changing all

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Ewoud Kohl van Wijngaarden
On Tue, Jun 27, 2017 at 11:51:55AM +0100, Greg Sutcliffe wrote: On Tue, 2017-06-27 at 11:37 +0200, Michael Moll wrote: Hi, While I don't like GMail, that sounds like a sensible way to go, lacking the alternatives. I agree, but it's just for password recovery and so forth, so that it's not

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Greg Sutcliffe
On Tue, 2017-06-27 at 11:37 +0200, Michael Moll wrote: > > In addition to pass, Ewoud already mentioned, I was recommended > passbolt (https://www.passbolt.com) and gopass (https://www.justwatch > .com/gopass), which is a rewrite of pass. Ugh, do research before writing :P So pass / gopass not

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Greg Sutcliffe
On Tue, 2017-06-27 at 11:37 +0200, Michael Moll wrote: > Hi, > > While I don't like GMail, that sounds like a sensible way to go, > lacking the alternatives. I agree, but it's just for password recovery and so forth, so that it's not tied to a single person. I don't expect to use it for anything

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Eric D Helms
Throwing yet another idea out there. Ansible Vault allows encrypting yaml key value files and storing the encrypted file in git so that it can be shared and stored in source control. Eric On Jun 27, 2017 5:37 AM, "Michael Moll" wrote: > Hi, > > On Mon, Jun 26, 2017 at

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Michael Moll
Hi, On Mon, Jun 26, 2017 at 01:31:32PM +0100, Greg Sutcliffe wrote: > We don't have a mailserver for "*@theforeman.org" currently, and it's > probably overkill to run one. My solution would be to register a new > GMail account for infra stuff (thefore...@gmail.com or similar) and use > that for

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Ewoud Kohl van Wijngaarden
On Mon, Jun 26, 2017 at 01:31:32PM +0100, Greg Sutcliffe wrote: Continuing the theme of "reducing the bus factor", I want to talk about the accounts we use for things like Rackspace, Scaleway, etc. Currently the rackspace account actually sends emails to a Red Hat address - whilst this is "ok"

Re: [foreman-dev] [Infra] Service accounts and secret storage

2017-06-27 Thread Marek Hulán
On pondělí 26. června 2017 14:31:32 CEST Greg Sutcliffe wrote: > Hey all, > > Continuing the theme of "reducing the bus factor", I want to talk about > the accounts we use for things like Rackspace, Scaleway, etc. > > Currently the rackspace account actually sends emails to a Red Hat > address -