Storing saltstack server configs in version control

Question

I currently have a few servers that are managed by saltstack, every now and then saltstack fails to deploy the new configs because of an issue somewhere and it can take a while to work out what changed that caused the issue.

It seems like having some kind of version control system for these configs would solve this problem but storing sensitive info such as the api keys and app secrets that are in these configs in a git repo is always advised against.

Is using git or similar the right way to go about this? Is there any other better way?

https://docs.saltstack.com/en/latest/topics/best_practices.html#storing-secure-data — Michael Hampton, Dec 18 '17 at 01:49

score 3 · Accepted Answer · answered Dec 18 '17 at 01:53

You can use git. I actually use it for the configuration of the systems I manage. In order to have secret data kept secret remotely you need something like ansible 's vault which is still an open issue in salt stack. In the issue discussion it is also said that a possible workaround for the moment is using GPG to encrypt those secrets

Storing saltstack server configs in version control

1 Answers1