Re: Finding new home for our builds and other security sensitive stuff
On Mon, Feb 28, 2022 at 01:07:37PM +0100, Bastian Blank wrote:
> On Sun, Feb 27, 2022 at 09:41:47PM -0800, Ross Vandegrift wrote:
> > > We use Hashicorp Vault in my company, and we are very happy of it. It works
> > > well, it's safe, and has many good options. So I support the idea.
> > +1 - we should talk more about how this would look. I have some thoughts.
> > We could keep it simple: one VM in an autounseal supported cloud, probably
> > using a storage backend from the platform.
>
> Yeah. That just reduces the possibilities to the large platforms.
I agree this is a downside. But we wouldn't be forever locked into a
plaform - it's easy to migrate to consul (and probably raft, but I've
never actally used it).
> > Thanks! Bastian, do you remember how much artifact storage we use? IIRC, it's
> > surprisingly large. salsa is still down at the moment, so I'm unable to check.
>
> It isn't that much. Let's say something below 200G, more like 50.
Oh great- for some reason I thought it was like 2TB.
> > > But, this is problematic not only for the cloud team. Let's hope this gets
> > > fixed "soon", no? Maybe we should set a deadline for ourselves?
> > 100% agreed. I don't think we need to set a deadline yet, but I think we
> > should continue this conversation so we can build opinions about our options.
>
> Well, 14 months should be enough, don't you think?
Sorry, I think I wasn't clear. I meant that I didn't see the need to
set a specific deadline, especially if that meant that we delayed
figuring out a plan.
If we have momentum to figure this out now, then I think we should
proceed.
Ross
Reply to: