On Sep 7, 2020, at 5:48 AM, Stuart Henderson <[email protected]> wrote: > > My suggestions would be to keep the config files in a management system > of some sort. Whether that's a full-blown config management system like > ansible/salt, one of the simpler tools like rset, judo, rdist, or even > just commiting config files directly to a version control repository,
Folks, Do people have opinions on the best way to securely store sensitive config files in a management system or repo? For instance, the various private keys that live in the various nooks and crannies of /etc. And if they’re stored in encrypted form, what’s the best way to have them decrypted for zero-touch or minimal-touch config restores? —Paul
smime.p7s
Description: S/MIME cryptographic signature
