void-infrastructure

[tracking] remaining vault secrets

Open • classabbyamp opened this issue 10 months ago • 2 comments

should be migrated to nomad variables

  • [x] apps/devspace
    • secret/devspace/ssh
  • [x] apps/ircbot
    • secret/ircbot/credentials
    • secret/ircbot/webhook
  • [x] apps/maddy
    • secret/lego/data/certificates/_.voidlinux.org.crt
    • secret/lego/data/certificates/_.voidlinux.org.key
  • [x] build/signing
    • secret/repomgmt/signing
  • [x] infrastructure/lego
    • secret/lego/do_api
  • [x] infrastructure/nginx-*
    • secret/lego/data/certificates/_.voidlinux.org.crt
    • secret/lego/data/certificates/_.voidlinux.org.key
  • [x] monitoring/alertrelay
    • secret/alertrelay/credentials

classabbyamp, Apr 11 '25 14:04

The maddy and nginx ones should use the certs that are already in nomad vars, and the lego job should just be removed. We had two different processes for renewing certs, and we should dedup down to just the one we're using.

the-maldridge, Apr 11 '25 18:04

All remaining tasks do not make use of vault policies. We should do another sweep, then un-hook the legacy vault integration and update nomad.

the-maldridge, Apr 15 '25 21:04