What is your use case for storing configuration in pillar? Pillar is private to individual minions so each minion would not have access to other minions pillar.
However if you're hoping to keep configuration data private from the master it becomes a lot trickier. Since, as Joseph said, the minion does everything the master asks it and the master could just ask the minion for its key. On top of that since the minion is usually running as the root user it has free rein of the system.
Not impossible. The minion does not have to run as the root user. However that becomes a lot more tricky to set up which brings me back to my question about your use case. Perhaps there's another way.
One other thing I meant to point out is you can limit what the master is able to do if you configure salt's external authentication system or client ACL system and run the Salt master as a non-root user.
What is your use case for storing configuration in pillar? Pillar is private to individual minions so each minion would not have access to other
minions pillar.
--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.