On Sun, Feb 27, 2022 at 09:41:47PM -0800, Ross Vandegrift wrote: > > We use Hashicorp Vault in my company, and we are very happy of it. It works > > well, it's safe, and has many good options. So I support the idea. > +1 - we should talk more about how this would look. I have some thoughts. > We could keep it simple: one VM in an autounseal supported cloud, probably > using a storage backend from the platform.
Yeah. That just reduces the possibilities to the large platforms. > > > Using another GitLab instance is a bit more problematic. Due to the > > > ressources we use, most of the instances out there are kind of out of > > > the question. Which remains is hosting one ourselves. That's not > > > ideal, by far. > gitlab.com could work - they could handle our artifacts, and we could bring > our > own CI runners. This might not be popular for a variety of reasons (and I'm > not pushing for it). But I think it's important to note since: > a) it's technically feasible, and > b) it's probably the least effort (both migration & ongoing ops) Yes, it is possible. > Thanks! Bastian, do you remember how much artifact storage we use? IIRC, > it's > surprisingly large. salsa is still down at the moment, so I'm unable to > check. It isn't that much. Let's say something below 200G, more like 50. > > But, this is problematic not only for the cloud team. Let's hope this gets > > fixed "soon", no? Maybe we should set a deadline for ourselves? > 100% agreed. I don't think we need to set a deadline yet, but I think we > should continue this conversation so we can build opinions about our options. Well, 14 months should be enough, don't you think? Bastian -- Bones: "The man's DEAD, Jim!"
