
@maxvt
maxvt / infra-secret-management-overview.md
Last active February 3, 2025 06:11
Infrastructure Secret Management Software Overview

Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.

This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For that purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.

There is a companion feature matrix of various tools. Comments are welcome in the same manner.

@colinmollenhour
colinmollenhour / Config.php
Last active July 30, 2021 07:18
Mage_Core_Model_Config (Magento CE through 1.9 - fixes stampeding)
<?php
/**
* Magento
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
anonymous
anonymous / container
Created July 9, 2015 14:40
#!/usr/bin/ruby
require 'optparse'
require 'time'
require 'json'
OPTIONS = {:action => nil, :inspect => false, :save_state => nil, :metadata => nil}
METHODS = %w{START UPDATE VALIDATE}
ENVVARS = %w{BUILD_CAUSE BUILD_TIME BUILD_MONTH BUILD_WEEK BUILD_DAY BUILD_HASH BUILD_TAG}
#!/usr/bin/env python
# This is a trick, to output the bash commands we need to run in shell, and just execute this script inside an eval within our shell, so it imports what we need
# Possibly tie this in with https://gist.github.com/mbainter/b38a4cb411c0b5c1bae6 for MFA support
# Will need to durably store MFA access tokens, possibly in some other env vars
# Could also store all different keys/info in different vars, to reuse as needed (lots of env vars though, file may be better)
import os
import sys
import getpass
@mbainter
mbainter / aws_config.fish
Last active February 24, 2024 15:51
Fish shell function to set your AWS credentials with MFA for use with Terraform
function aws_config
  if not fgrep -q "[$argv]" ~/.aws/credentials
    echo "Please specify a valid profile."
  else
    set -e AWS_ACCESS_KEY
    set -e AWS_SECRET_KEY
    set -g -x ATLAS_TOKEN (awk "/\[$argv\]/,/^\$/ { if (\$1 == \"atlas_token\") { print \$3 }}" ~/.aws/credentials)
    set account (awk "/\[$argv\]/,/^\$/ { if (\$1 == \"account_id\") { print \$3 }}" ~/.aws/credentials)
    set username (awk "/\[$argv\]/,/^\$/ { if (\$1 == \"username\") { print \$3 }}" ~/.aws/credentials)
    set mfarn "arn:aws:iam::$account:mfa/$username"
@kwilczynski
kwilczynski / check.md
Last active February 3, 2025 05:27
Recipe / Role check in Chef

If you want to check whether a node's run_list includes a specific role (upon expansion), you can use the role? method on the Node object:

node.role?('name')

Alternatively, see whether either of these works for you:

node.roles.include?('name')

node.run_list?('role[name]')

@hemalvarambhia
hemalvarambhia / nginx_privilege_matcher.rb
Last active August 29, 2015 14:09
A ChefSpec nginx matcher that checks that requests from a list of IP addresses have been whitelisted
if defined?(ChefSpec)
  module ChefSpec::Matchers
    class NginxPrivilegeMatcher
      def initialize(runner, ip_addresses, permission="allow")
        @runner = runner
        @ip_addresses = ip_addresses
        @permission = permission
      end
@brandonmwest
brandonmwest / example.cs
Last active January 7, 2025 07:39
Generating base64-encoded Authorization headers in a variety of languages
httpClient.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue(
        "Basic",
        Convert.ToBase64String(
            System.Text.ASCIIEncoding.ASCII.GetBytes(
                string.Format("{0}:{1}", username, password))));
@blalor
blalor / gist:c325d500818361e28daf
Created May 2, 2014 04:37
redhat init script for consul
#!/bin/bash
#
# consul Manage the consul agent
#
# chkconfig: 2345 95 95
# description: Consul is a tool for service discovery and configuration
# processname: consul
# config: /etc/consul.conf
# pidfile: /var/run/consul.pid
@SchumacherFM
SchumacherFM / pt-duplicate-key-checker.sql
Last active February 5, 2023 15:10
pt-duplicate-key-checker for Magento 1.8 MySQL database. The fewer indexes, the faster the update/insert statement
# ########################################################################
# api2_acl_attribute
# ########################################################################
# IDX_API2_ACL_ATTRIBUTE_USER_TYPE is a left-prefix of UNQ_API2_ACL_ATTRIBUTE_USER_TYPE_RESOURCE_ID_OPERATION
# Key definitions:
# KEY `IDX_API2_ACL_ATTRIBUTE_USER_TYPE` (`user_type`)
# UNIQUE KEY `UNQ_API2_ACL_ATTRIBUTE_USER_TYPE_RESOURCE_ID_OPERATION` (`user_type`,`resource_id`,`operation`),
# Column types:
# `user_type` varchar(20) not null comment 'type of user'