Encrypting sensitive value in salt master config file

[ARUN KUMAR PRAJAPATI]

Hi Team,

I am using custom returner database for salt master. Database information like table name, host name, user and password are stored in master.conf.

The database password is visible to every one who can access master server.

Does salt master supports encrypted values in configuration file? or is there any way we can encrypt/hide sensitive values like password in config file?

Thanks,

Arun 

[Phipps, Thomas]

This is always an annoying question. as the answer is if they have enough permission to read the config then they have enough permission to go fetch the can you kicked. but for salt it doesn't support encryption in the config. but it does support a system called sdb which allows fetching items from keystore databases. such as vault.

https://docs.saltproject.io/en/latest/topics/sdb/index.html#using-sdb-uris-in-files

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/salt-users/26e22fbc-d347-4993-a72c-7d29919dd6a1n%40googlegroups.com.

[ARUN KUMAR PRAJAPATI]

Thank you for your valuable input.

I will give a try configuring SDB interface.