IRC log for #confidant, 2016-07-18

All times shown according to UTC.

Time Nick Message
01:48 ilbot3 joined #confidant
01:48 Topic for #confidant is now Secret management for AWS. https://lyft.github.io/confidant Channel logs at http://irclog.perlgeek.de/confidant/
13:59 ilbot3 joined #confidant
13:59 Topic for #confidant is now Secret management for AWS. https://lyft.github.io/confidant Channel logs at http://irclog.perlgeek.de/confidant/
14:25 lyftbot left #confidant
14:26 lyftbot joined #confidant
17:12 abrody joined #confidant
17:13 woodrow joined #confidant
17:21 Ryan_Lane joined #confidant
18:25 Ryan_Lane broder: we fetch credentials once a minute
18:25 Ryan_Lane and we restart services if the credentials have changed
18:26 Ryan_Lane (our deployment infra is pull based, and runs in a one minute cron loop)
18:27 Ryan_Lane we re-run our config management if the deployment code notices any changes (different sha for base config or the service's config, confidant, etc)
18:28 Ryan_Lane we could fetch on service startup, but it puts confidant directly into the critical path
18:29 Ryan_Lane it also makes it harder to detect when the credentials change
18:29 Ryan_Lane and harder to reload them when they do change
18:29 Ryan_Lane it's easiest to cache the credentials in a ramdisk and inject them into the environment of a starting service
18:30 Ryan_Lane then if confidant fails, you can fall back to cache. confidant is still in the critical path for instance launching (and autoscaling), but that's less worrying :)
18:31 Ryan_Lane we also cache the KMS auth tokens, because we want to avoid ratelimits to KMS
19:02 broder ok, that's basically consistent with what i was thinking of doing