Learning SaltStack - Second Edition by Colton Myers

Defining secure minion-specific data in pillar

So far, we've only been defining the state of our infrastructure using state files. However, there is no mechanism in the state files for per-minion access control. Any file or data that you put in /srv/salt is immediately available to every approved minion.

Thus, we need a system for giving each minion its own sensitive data. In Salt, that system is called the pillar system.

Much like grains, which we have talked about before, the pillar system is just a key-value store in Salt. However, each minion gets its own set of pillar data, encrypted on a per-minion basis, which makes it suitable for sensitive data.

Our pillar files are stored in a separate directory from our state files. By default, this directory is /srv/pillar ...
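The following layout is an added example, not taken from the book: it contrasts a secret hardcoded in the state tree with the same secret delivered through pillar. The minion IDs (`db01`, `web01`), the file names, the key names and the password value are all constructed for illustration.

```yaml
# Weak (shown commented out): /srv/salt/app/init.sls
# A literal secret in the state tree can be fetched by every approved minion.
#
# /etc/app/db.conf:
#   file.managed:
#     - contents: "password=CONSTRUCTED-EXAMPLE-SECRET"

# File: /srv/pillar/top.sls
# The pillar top file maps minion IDs to pillar files. A minion only
# receives the pillar files its ID matches.
base:
  'db01':                  # hypothetical minion ID
    - db_secrets
  'web01':                 # hypothetical minion ID, gets no db_secrets
    - web_settings
---
# File: /srv/pillar/db_secrets.sls
# Compiled on the master and sent only to db01.
db:
  user: app
  password: CONSTRUCTED-EXAMPLE-SECRET
---
# File: /srv/pillar/web_settings.sls
web:
  listen_port: 8080
---
# Corrected: /srv/salt/app/init.sls
# The state file stays readable by all minions, but now holds only a
# reference. The value is filled in from the pillar of the minion that
# renders the state.
/etc/app/db.conf:
  file.managed:
    - user: root
    - mode: '0600'
    - show_changes: False  # keep the secret out of the state-run diff output
    - contents: |
        user={{ pillar['db']['user'] }}
        password={{ pillar['db']['password'] }}
```

After editing pillar files, `salt '*' saltutil.refresh_pillar` pushes the change and `salt 'web01' pillar.get db:password` should come back empty, confirming that the secret is visible only to `db01`.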