Re: Finding new home for our builds and other security sensitive stuff
On Sun, Feb 27, 2022 at 09:41:47PM -0800, Ross Vandegrift wrote:
> > We use Hashicorp Vault in my company, and we are very happy of it. It works
> > well, it's safe, and has many good options. So I support the idea.
> +1 - we should talk more about how this would look. I have some thoughts.
> We could keep it simple: one VM in an autounseal supported cloud, probably
> using a storage backend from the platform.
Yeah. That just reduces the possibilities to the large platforms.
> > > Using another GitLab instance is a bit more problematic. Due to the
> > > ressources we use, most of the instances out there are kind of out of
> > > the question. Which remains is hosting one ourselves. That's not
> > > ideal, by far.
> gitlab.com could work - they could handle our artifacts, and we could bring our
> own CI runners. This might not be popular for a variety of reasons (and I'm
> not pushing for it). But I think it's important to note since:
> a) it's technically feasible, and
> b) it's probably the least effort (both migration & ongoing ops)
Yes, it is possible.
> Thanks! Bastian, do you remember how much artifact storage we use? IIRC, it's
> surprisingly large. salsa is still down at the moment, so I'm unable to check.
It isn't that much. Let's say something below 200G, more like 50.
> > But, this is problematic not only for the cloud team. Let's hope this gets
> > fixed "soon", no? Maybe we should set a deadline for ourselves?
> 100% agreed. I don't think we need to set a deadline yet, but I think we
> should continue this conversation so we can build opinions about our options.
Well, 14 months should be enough, don't you think?
Bastian
--
Bones: "The man's DEAD, Jim!"
Reply to: