[Cialug] Access credentials for new cloud instances

Kenneth Younger kyounger at gmail.com
Mon Jan 23 10:46:32 CST 2012


I remember Matt talking about this at the last LUG meeting with regard
to Puppet.

On Mon, Jan 23, 2012 at 10:04 AM, Matthew Nuzum <newz at bearfruit.org> wrote:
> In an environment where you're using dynamic cloud instances (i.e. you spin
> them up and down as demand grows and ebbs) there is a need for your new
> instance to talk to your various infrastructure.
>
> For example, you might need to script the installation of your code
> downloaded from a central server. There are two ways to do such that come
> first to mind: use hard-coded user credentials (i.e. user/password) or use a
> hard-coded private/public key. Both of these have a problem, in that you
> have to securely communicate this material to the new guest. A further
> disadvantage is that you can't revoke only one instance's credentials.
>
> Another option that I have thought of would be to generate credentials on
> the guest and then somehow authorize them for the new server. This also has
> problems: namely that you need a secure channel to communicate your new
> credentials with the server and possibly an automatic way to enable them and
> authorize the client.
>
> I was curious if anyone else here has thought about this problem and what
> they think is a good solution. Again, the goal is to have as automated of a
> process as possible. It would be awesome for the infrastructure to respond
> to demand magically in the night without sysadmin intervention.
>
> --
> Matthew Nuzum
> newz2000 on freenode, skype, linkedin and twitter
>
> ♫ You're never fully dressed without a smile! ♫



-- 
Kenneth Younger III
Founder, Sheer Focus Inc.
e: kenny at sheerfocus.com
p: (515) 367-0001
t: @kenny

