Date: Fri, 4 Apr 2025 08:49:56 -0700
From: Luis Chamberlain
To: cel@kernel.org
Cc: kdevops@lists.linux.dev, Chuck Lever
Subject: Re: [RFC PATCH] terraform/OCI: Grab secrets from ~/.oci/config
In-Reply-To: <20250403144906.1186015-1-cel@kernel.org>

On Thu, Apr 03, 2025 at 10:49:06AM -0400, cel@kernel.org wrote:
> From: Chuck Lever
>
> Instead of storing authentication secrets in the kdevops .config
> file, pull them from the authentication profiles already set up
> in ~/.oci/config. This arrangement is more secure.
>
> terraform's API authentication is now managed outside of Kconfig,
> as is done with AWS. An update to docs/kdevops-terraform.md to
> follow.
>
> Suggested-by: Luis Chamberlain
> Signed-off-by: Chuck Lever

Awesome! Might be useful to suggest this can also be an enabler
to use cloud for CIs and later share .config through
kdevops-results-archive so as to enable reproducing tests on the cloud
easily without revealing cloud secrets.

Reviewed-by: Luis Chamberlain

  Luis
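Added example, not part of the original message and not kdevops code: a pre-share check for the workflow discussed above, which scans a Kconfig-style .config for values shaped like OCI API authentication details (OCIDs, API key fingerprints, private key paths or PEM blocks) before the file is archived. The function names, the CONFIG_ symbol names and the sample values are all constructed for illustration.

```python
import re

# Value shapes used by OCI API-key authentication (the same fields an
# ~/.oci/config profile holds): OCIDs, key fingerprints, private key material.
PATTERNS = {
    "ocid": re.compile(r"\bocid1\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9-]*\.[a-z0-9.]+", re.I),
    "key_fingerprint": re.compile(r"\b(?:[0-9a-f]{2}:){15}[0-9a-f]{2}\b", re.I),
    "pem_private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "key_file_path": re.compile(r"\S+\.pem\b"),
}

# Kconfig output lines look like CONFIG_NAME=value or CONFIG_NAME="value".
ASSIGNMENT = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")

def find_auth_material(config_text):
    """Return (line_number, symbol, kind) for each suspicious assignment."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = ASSIGNMENT.match(line.strip())
        if not match:
            continue  # comments such as "# CONFIG_FOO is not set", blank lines
        symbol, value = match.group(1), match.group(2).strip('"')
        for kind, pattern in PATTERNS.items():
            if pattern.search(value):
                findings.append((lineno, symbol, kind))
    return findings

def safe_to_share(config_text):
    """True only when no assignment carries authentication material."""
    return not find_auth_material(config_text)

# Constructed samples; every CONFIG_ symbol name here is hypothetical.
LEAKY_CONFIG = """\
CONFIG_EXAMPLE_TERRAFORM=y
CONFIG_EXAMPLE_OCI_REGION="us-ashburn-1"
CONFIG_EXAMPLE_OCI_USER="ocid1.user.oc1..aaaaexampleuniqueid"
CONFIG_EXAMPLE_OCI_FINGERPRINT="12:34:56:78:9a:bc:de:f0:12:34:56:78:9a:bc:de:f0"
CONFIG_EXAMPLE_OCI_KEY_FILE="/home/user/.oci/oci_api_key.pem"
# CONFIG_EXAMPLE_UNUSED is not set
"""
CLEAN_CONFIG = """\
CONFIG_EXAMPLE_TERRAFORM=y
CONFIG_EXAMPLE_OCI_CONFIG_PROFILE="DEFAULT"
"""

if __name__ == "__main__":
    for finding in find_auth_material(LEAKY_CONFIG):
        print("line %d: %s looks like %s" % finding)
    print("clean config shareable:", safe_to_share(CLEAN_CONFIG))
```

A .config that only names an ~/.oci/config profile passes the check, while one that embeds the profile's fields is flagged line by line.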