Considerations:
• Terraform #2221, #4169
• Vault API
• Allows for custom integrations where required
• Make use of existing AWS policies
• Awaiting next release (Vault PR #895)
Benefits
• token not exposed
• Eased changing config management tool
• Ansible -> Puppet
• No secrets explicitly stored on disk for Puppet usage
• https://github.com/jsok/hiera-vault
Considerations:
• way to delete all secrets until next release (0.5.0) which includes PR #617
• Puppet Hiera plugin has potential for generating a lot of traffic with Vault
• Considering ConsulTemplate
• principles & aims of overall solution
• Vault is a single focused tool - this is good!
• Vault is new
• we are still experimenting, but happy thus far!