Re: [EXT] Re: Medium-term road map

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [EXT] Re: Medium-term road map

From:	Thompson, David
Subject:	Re: [EXT] Re: Medium-term road map
Date:	Wed, 6 May 2020 13:03:39 -0400

On Sat, Apr 25, 2020 at 5:38 PM Jack Hill <address@hidden> wrote:
>
> * Continued development of guix deploy. Figuring out how to deploy secrets
> to remote machines would be great.

I used to think this was a problem that guix deploy had to deal with
but after many years doing devops full-time I no longer think this is
a concern. Industry best practice is to use a secrets management
service to fetch secrets at application boot time.  For example, you
could write a shepherd service that downloads and installs an SSH host
key from AWS Secrets Manager (or a self-hosted free tool or another
cloud provider's service, you get the idea) before the SSH service
starts.  In my experience, every application requires a slightly
different strategy: Maybe you need to put a key into a specific file,
maybe you need to set environment variables, maybe you need to
templatize the config file, etc. There's no single general solution to
the problem, but I strongly the believe that the guix client that is
doing the deployment should never access such secrets.

Long story short: Guix need not worry about this.

- Dave

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [EXT] Re: Medium-term road map, Thompson, David <=
- Re: [EXT] Re: Medium-term road map, Efraim Flashner, 2020/05/06
- Re: [EXT] Re: Medium-term road map, Jack Hill, 2020/05/06
  - Re: [EXT] Re: [EXT] Re: Medium-term road map, Thompson, David, 2020/05/07

Prev by Date: Re: MIPS support
Next by Date: Re: https://guix.gnu.org/packages ?
Previous by thread: Re: branch master updated: gnu: gnome-todo: Fix build.
Next by thread: Re: [EXT] Re: Medium-term road map
Index(es):
- Date
- Thread