I really like it a lot! Not bulletproof but more secure than a file.
Still no way to have "hooks" run on FAI server? Diego Il 06/10/2023 11:18, Thomas Lange ha scritto:
On Fri, 06 Oct 2023 21:57:28 +1300, Andrew Ruthven <and...@etc.gen.nz> said:> This isn't ideal as the secrets are still present in the NFSROOT for a short > period of time, but does solve the chicken and egg issue others mentioned This reminds me of a solution I once saw. Put some info into a fifo (named pipe), so only one receiver can read it. After that the fifo is empty. What about having a daemon on the FAI server which serves some secrect using: echo secrect | nc -p 12345 -l So only one FAI client can read the secrect from port 12345 once. This may help a little bit.
-- Diego Zuccato DIFA - Dip. di Fisica e Astronomia Servizi Informatici Alma Mater Studiorum - Università di Bologna V.le Berti-Pichat 6/2 - 40127 Bologna - Italy tel.: +39 051 20 95786
