cloud-init team mailing list archive
Best practices for sensitive data handling
I couldn't find any documentation or discussions on the web about this
of cloud-init, so I'm trying the mailing list.
My use case for cloud-init includes hitting my domain registrar's API to
DNS record so that a certain domain points to the IP of the server that is
Doing this involves embedding a secret API key in the user-data file.
Problem is, after bootstrapping I can find this secret scattered in several
places around the server, at /run/cloud-init and /var/lib/cloud.
/run/cloud-init/instance-data.json is particularly vexing because
it's a world-readable file.
So I'd like to hear your opinion on what's a good approach to sensitive data
handling. I couldn't come up with any way to securely embed sensitive data
into the template itself, only do a post-install cleanup.
After completing the bootstrap I'm rebooting the server and then
cloud-init and manually removing /run/cloud-init and /var/lib/cloud.
Are there better ways to go about this?
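
An added example, not part of the original post: a shell check that reports which files under the two directories named above still contain a user-data secret after boot, and whether each one is world-readable. The function name `audit_secret_leaks` and the pattern-file argument are assumptions made for this example; it assumes GNU grep, find and stat.

```shell
#!/bin/sh
# Added example (not from the original post).
# Lists every file under the given directories that contains the secret and
# flags the ones readable by "other". The secret is read from a file rather
# than passed as an argument, so it does not show up in the process list.
#
# Usage (hypothetical key file path):
#   audit_secret_leaks /root/api-key.txt /run/cloud-init /var/lib/cloud

audit_secret_leaks() {
    pattern_file=$1
    shift

    # grep -f treats each line as a pattern; an empty file or a blank line
    # would match nothing or everything, so refuse both.
    if [ ! -s "$pattern_file" ] || grep -q '^$' "$pattern_file"; then
        echo "audit_secret_leaks: pattern file missing, empty or has a blank line" >&2
        return 2
    fi

    for root in "$@"; do
        # Skip directories that do not exist (e.g. already cleaned up).
        [ -d "$root" ] || continue
        # -F: fixed string, -l: print only the names of matching files.
        find "$root" -type f -exec grep -lF -f "$pattern_file" -- {} + 2>/dev/null
    done | while IFS= read -r path; do
        # Octal permission bits, e.g. 644. Paths containing newlines are
        # not handled by this line-based loop.
        mode=$(stat -c '%a' "$path") || continue
        case $mode in
            *[4567]) echo "WORLD-READABLE $mode $path" ;;  # other-read bit set
            *)       echo "restricted $mode $path" ;;
        esac
    done
}
```

Run it as root so that files with restrictive modes are also searched; an empty result means no file under the given directories contains the secret in plain form.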