Defining secure minion-specific data in pillar
So far, we've only been defining the state of our infrastructure using state files. However, there is no mechanism in the state files for per-minion access control. Any file or data that you put in /srv/salt is immediately available to all approved minions.
Thus, we need a system for giving sensitive data only to the minions that need it. That system in Salt is called the pillar system.
Much like grains, which we have talked about before, the pillar system is just a key-value store in Salt. However, each minion gets its own set of pillar data, encrypted on a per-minion basis, which makes it suitable for sensitive data.
Our pillar files are stored in a separate directory from our state files. By default, this directory is /srv/pillar ...
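As an added illustration (not code from the book), the layout below shows how a pillar top file scopes a secret to one minion while the state file in /srv/salt only references the key. The minion ID db01.example.com, the file names, and all key names and values are assumptions made up for this example.

```yaml
# /srv/pillar/top.sls  (pillar top file: maps minion IDs to pillar files)
base:
  '*':
    - common              # non-sensitive defaults, compiled for every minion
  'db01.example.com':     # hypothetical minion ID
    - db_secrets          # compiled only into this minion's pillar
---
# /srv/pillar/common.sls  (constructed sample data)
ntp_server: ntp.example.com
---
# /srv/pillar/db_secrets.sls  (constructed placeholder values)
postgres:
  user: app
  password: REPLACE_WITH_REAL_SECRET
---
# /srv/salt/db/config.sls  (state file: readable by all approved minions,
# so it carries only the pillar lookup, never the secret itself)
/etc/app/db.conf:
  file.managed:
    - user: root
    - group: root
    - mode: '0600'
    - show_changes: False   # keep the rendered secret out of state output diffs
    - contents: |
        user={{ pillar['postgres']['user'] }}
        password={{ pillar['postgres']['password'] }}
```

After editing pillar files, run `salt '*' saltutil.refresh_pillar`, then `salt 'db01.example.com' pillar.items` to confirm the postgres key appears for that minion. The same query against any other minion should return only the keys from common.sls.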