tags:

views:

23

answers:

1
Q: 

Credential distribution/storage across fleets

What are the options for secure password/credential storage on a host and propagation of changes across a fleet of hosts?

An example would be you have fleet of size N and you want to store credentials, such as AWS access keys, on those hosts. The simple approach is to store it in the source code or a config file, but this is bad because it's usually plain text. Also, if you make a change to the credentials you then want them to propagate to all of the hosts in the fleet.

Are there any solutions that would allow for something along these lines?

Credentials credentials = new Credentials();
system.doAction( credentials.getCredential("CredentialKeyId") );

This is assuming a non-Windows fleet.

A: 

Are you asking for something similar to NIS? To Kerberos, maybe?

ninjalj  2010-06-26 22:53:53
Not exactly. I'm looking for something as simple as a daemon that runs on each host that is a secure repository of credentials. This daemon also keeps track of changes and propagates those changes to the daemons running on the other hosts in the fleet. In essence, I'm looking for a credential storage repository that can communicate updates across the fleet.
itshanney  2010-06-26 23:24:42
A problem with what you describe is that each host is as trusted as the others. A compromised host could tell all of the fleet that everyone's new password is "secret", right?
Slartibartfast  2010-06-28 06:05:24

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?