access environment.yaml data from the hooks
jorge.niedbalski at canonical.com
Fri Jul 11 12:14:21 UTC 2014
On Fri, Jul 11, 2014 at 12:36 PM, Kapil Thangavelu
<kapil.thangavelu at canonical.com> wrote:
> On Fri, Jul 11, 2014 at 4:44 AM, Tudor Rogoz <rogoz at adobe.com> wrote:
> Juju doesn't allow for extraction of provider credentials from the state
> server as a security measure. Its typically much better to define these as
> charm config properties, because you can use a separate iam account that's
> permission scoped to the usage you want rather than proliferating a more
> privileged account. Even better is using iam roles
> with manual provisioning and workload placement (deploy --to) against the
> ec2 provider and avoiding the credential management entirely.
Also related, but not directly implied, there is a lost-in-time
mailing list thread regarding to secret configuration buckets (
I am not sure if somebody had a chance to work implementing a solution
like puppet-hiera ( http://docs.puppetlabs.com/hiera/1/)
or any other approach for sensitive data being used on configuration files.
Jorge Niedbalski R.
More information about the Juju