[eduVPN-deploy] Storing secrets in the database (was: Re: NAT problem / write UDPv6: Operation not permitted)
François Kooman
fkooman at deic.dk
Mon Aug 8 16:54:39 CEST 2022
On 07.08.22 18:06, Marc Langer via eduVPN-deploy wrote:
> The
> following directories have to be copied or automatically synchronised
> between nodes:
>
> - /etc/vpn-user-portal
> - /etc/vpn-server-node
> - /var/lib/vpn-user-portal

This reminds me of something I've been thinking about for a while. We
could (should?) probably move some files to the database instead of files
on the filesystem, i.e. the CA key, the OAuth key, the WireGuard key(s)
and the tls-crypt key(s).

The configuration files could be next, but might be a bit more difficult
to migrate to the database automatically in a (minor) upgrade. Typically
those you can (should?) deploy using something like puppet/ansible
anyway when working with multi-portal/multi-node systems...

Any thoughts on this?

Regards,
François