So this is a PCI compliant environment. I hit similar issues when I worked in health care though and we were trying to meet HIPAA compliance with our hardware. Auditors just didn’t want access credentials on the same box, so with that company we were able to have puppet handle them and because the puppet master was somewhere else the auditors didn’t care. It’s dumb reasoning, but it’s the way these industries work.
So I can have passwords in my ansible playbooks, that’s tolerable. I just can’t put the password on the box itself. That is most likely a pretty uniform requirement, with the exception of application configuration to connect to said database.

Thanks for your help on this.

--
Stan Lemon

On January 10, 2014 at 1:25:01 PM, Peter Gehres ([email protected]) wrote:

I don’t think ciphertext + decryption key would fly either. I agree with you that both this 0600 on the root should be sufficient, but often times the audits in these regulated environments defy rational arguments.

Sadly, I thought that might be your answer. Does this only apply to the root password? If you can share, what framework are you being audited under? You've got me playing cat-and-mouse with the auditors in my head. :-)

Have you solved this problem outside of Ansible anywhere as part of an automation routine?

--
Peter Gehres
Site Reliability Engineer | AppDynamics, Inc.
www.appdynamics.com | AS62897

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
