Salt Stack - a better alternative to Puppet, Chef, etc. - also comes with built-in support for encrypting secrets while you store them in your version control. Basic idea is simple:
You generate the public & private GPG keys on your Salt "master" -server
Those keys can be used to encrypt any values in Salt configuration (works on value-level, not just file-level)
You encrypt the environment's configuration with the environment's GPG keys
You store the encrypted secrets in version control
Only the Salt "master" server can decrypt them and release the values to various states and templates that you use to configure your servers
If not using something like Docker, then Salt is one of the best options out there for managing your server configuration (though in my opinion THE best), and supports this out of the box.
Salt Stack - a better alternative to Puppet, Chef, etc. - also comes with built-in support for encrypting secrets while you store them in your version control. Basic idea is simple:
If not using something like Docker, then Salt is one of the best options out there for managing your server configuration (though in my opinion THE best), and supports this out of the box.
docs.saltstack.com/en/latest/ref/r...
Hi Duke. Salt Stack looks very interesting. Thanks for sharing it—I'll add it to my list of alternatives.
Yea it does a lot of things very well, and is built with components that you can take into use separately.
Some examples of things you can do with Salt Stack:
Basically Salt Stack can take care of most of your server management needs.