access environment.yaml data from the hooks

Jorge Niedbalski jorge.niedbalski at
Fri Jul 11 12:14:21 UTC 2014


On Fri, Jul 11, 2014 at 12:36 PM, Kapil Thangavelu
<kapil.thangavelu at> wrote:
> On Fri, Jul 11, 2014 at 4:44 AM, Tudor Rogoz <rogoz at> wrote:
> Juju doesn't allow for extraction of provider credentials from the state
> server as a security measure. Its typically much better to define these as
> charm config properties, because you can use a separate iam account that's
> permission scoped to the usage you want rather than proliferating a more
> privileged account. Even better is using iam roles
> (
> with manual provisioning and workload placement (deploy --to) against the
> ec2 provider and avoiding the credential management entirely.

Also related, but not directly implied, there is a lost-in-time
mailing list thread regarding to secret configuration buckets ( )

I am not sure if somebody had a chance to work implementing a solution
like puppet-hiera (
or any other approach for sensitive data being used on configuration files.


Jorge Niedbalski R.

More information about the Juju mailing list