8bc8c7c028
This introduces a new document called `EncryptionPolicy` to configure this behavior. It currently only supports using symmetric encryption with `GPG`, but that should be available on all Ubuntu systems (which is what we currently support) and should also be fairly reliable.

Change-Id: I06d4faa119b736773df0d8cbf0e7a23fd98edcdf
Depends-On: https://review.openstack.org/#/c/602175/
34 lines
766 B
YAML
EncryptionPolicy
================

Encryption policy defines how encryption should be applied via Promenade. The
primary use-case for this is to encrypt ``genesis.sh`` or ``join.sh`` scripts.

Sample Document
---------------

.. code-block:: yaml

    ---
    schema: promenade/EncryptionPolicy/v1
    metadata:
      schema: metadata/Document/v1
      name: encryption-policy
      layeringDefinition:
        abstract: false
        layer: site
      storagePolicy: cleartext
    data:
      scripts:
        genesis:
          gpg: {}
    ...

Scripts
-------

The genesis and join scripts can be built with sensitive content encrypted.
Currently the only encryption method available is ``gpg``, which can be enabled
by setting that key to an empty dictionary.
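The following pre-deployment check is an added example, not part of Promenade: it audits an already-parsed ``EncryptionPolicy`` document and reports which scripts have ``gpg`` enabled. It assumes that the join script is configured under a ``join`` key alongside ``genesis``, and that a script with no method set is built unencrypted; ``audit_policy`` and the finding messages are hypothetical names.

```python
"""Audit a parsed promenade/EncryptionPolicy/v1 document (added example)."""

SCHEMA = "promenade/EncryptionPolicy/v1"
SCRIPTS = ("genesis", "join")  # 'join' key is assumed by analogy with 'genesis'
METHODS = {"gpg"}              # the only encryption method the page lists


def audit_policy(doc):
    """Return (encrypted, findings): the scripts with encryption enabled and
    a list of problems. Assumes a script with no method is built in clear."""
    if doc.get("schema") != SCHEMA:
        return [], ["not an EncryptionPolicy document: %r" % doc.get("schema")]
    findings = []
    scripts = (doc.get("data") or {}).get("scripts") or {}
    # A misspelled script name would silently leave the real script unprotected.
    for name in sorted(set(scripts) - set(SCRIPTS)):
        findings.append("unknown script %r (typo?)" % name)
    encrypted = []
    for name in SCRIPTS:
        methods = scripts.get(name) or {}
        for method in sorted(set(methods) - METHODS):
            findings.append("%s: unsupported method %r" % (name, method))
        if "gpg" not in methods:
            findings.append("%s: no encryption configured" % name)
        elif methods["gpg"] != {}:
            # The page enables gpg with an empty dictionary; 'gpg:' (null) is not that.
            findings.append("%s: gpg must be an empty dictionary" % name)
        else:
            encrypted.append(name)
    return encrypted, findings


# Constructed input: the sample document above, as it looks after YAML parsing.
SAMPLE = {
    "schema": "promenade/EncryptionPolicy/v1",
    "metadata": {"schema": "metadata/Document/v1", "name": "encryption-policy",
                 "layeringDefinition": {"abstract": False, "layer": "site"},
                 "storagePolicy": "cleartext"},
    "data": {"scripts": {"genesis": {"gpg": {}}}},
}

if __name__ == "__main__":
    enabled, problems = audit_policy(SAMPLE)
    print("encrypted:", enabled)
    for problem in problems:
        print("finding:", problem)
```

Run against the sample document, the check reports ``genesis`` as encrypted and flags ``join`` as having no encryption configured.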