blob: f37b2dc93352df1c2a7f0944f4bda2fa4e51cf04 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
2023-07-18
==========
Secret management improvements
------------------------------
To allow for **better management of our Kubernetes secrets**, Chris set
out to configure ``git-crypt`` in GPG key mode. For comparison, the
previous approach was that secrets were stored in Kubernetes only and
had to be accessed via ``kubectl``, and now ``git-crypt`` allows us to
transparently work with the files in unencrypted manner locally, whilst
having them secure on the remote, all via ``.gitattributes``.
The following people currently have access to this:
- Johannes Christ [email protected]
(``8C05D0E98B7914EDEBDCC8CC8E8E09282F2E17AF``)
- Chris Lovering [email protected]
(``1DA91E6CE87E3C1FCE32BC0CB6ED85CC5872D5E4``)
- Joe Banks [email protected] (``509CDFFC2D0783A33CF87D2B703EE21DE4D4D9C9``)
For Hassan, we are still waiting on response regarding his GPG key
accuracy.
The pull request for the work can be found `at
python-discord/kubernetes#156 <https://github.com/python-discord/kubernetes/pull/156>`__.
**To have your key added, please contact any of the existing key
holders**. More documentation on this topic is pending to be written,
see
`python-discord/kubernetes#157 <https://github.com/python-discord/kubernetes/issues/157>`__.
Infrastructure migration decision
---------------------------------
The voting started `last week <./2023-07-11.md>`__ will be properly
talked about `next week <./2023-07-25.md>`__, so far it looks like we’re
definitely not selfhosting Kubernetes at the very least.
.. raw:: html
<!-- vim: set textwidth=80 sw=2 ts=2: -->
|
