Re: [EXT] Re: [EXT] Re: Medium-term road map
From: Thompson, David
Subject: Re: [EXT] Re: [EXT] Re: Medium-term road map
Date: Thu, 7 May 2020 08:24:01 -0400

On Wed, May 6, 2020 at 3:46 PM Jack Hill <address@hidden> wrote:
>
> > Long story short: Guix need not worry about this.
>
> I think we may want to do some work in Guix to support this workflow
> conveniently. That work could include having a secrets management service,
> bootstrapping new hosts for access to the service, or writing system
> services that can be easily configured for different secret management at
> deploy time. It's fun to think about what we could do, but as Ludo’
> suggested elsewhere in the thread, we'll find out by trying to deploy more
> hosts with more complex configurations. I hope to be able to do so soon.

To that end, I think a good starting place would be to research the
available free secrets management applications (my knowledge is a few
years out of date), package it, and write a shepherd service for it.
From there, we could see what additional integration would be useful
for clients (your other servers being clients of the secrets
management server.) I don't know if this would actually work, but I
can picture a world where service configuration objects are aware of
secret fields (some new Scheme data type) and will arrange to lazily
generate config files in a just-in-time fashion on the server when
shepherd starts the service. Sounds like a real fun project, IMO!

Okay, so I take it back: Guix *should* worry about this, but in a very
specific way that is orders of magnitude better than every other
configuration management system out there, just like the rest of Guix.
:)
- Dave