Perl 6 - the future is here, just unevenly distributed

IRC log for #confidant, 2016-10-20

| Channels | #confidant index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:24 sam_ joined #confidant
00:24 sam_ Hi folks, I have a quick question in regards to setting up confidant on my EC2 instance..
00:26 sam_ so I've docker pulled and ran `docker run --env-file my_config -t lyft/confidant`
00:26 sam_ with config file that looks like this `AWS_ACCESS_KEY_ID=1 AWS_SECRET_ACCESS_KEY=1 USE_AUTH=false USE_ENCRYPTION=false AWS_DEFAULT_REGION=ap-southeast-2  DYNAMODB_TABLE=confidant-development DYNAMODB_URL=http://dynamo:7777 DYNAMODB_CREATE_TABLE=true  GEVENT_RESOLVER=ares  DEBUG=true SSLIFY=false  SESSION_SECRET=lo8TouG7Bee1ahx7caeyoa6Aic6ku1johjoiyiey STATIC_FOLDER=public`
00:27 sam_ but im getting an error of `ConnectionError: ('Connection aborted.', gaierror(4, 'ARES_ENOTFOUND: Domain name not found'))`
00:31 lyftbot [samlinbris] Hi folks, I have a quick question in regards to setting up confidant on my EC2 instance..
00:32 lyftbot [samlinbris] so I've docker pulled and ran `docker run --env-file my_config -t lyft/confidant`
00:32 lyftbot [samlinbris] with config file that looks like this `AWS_ACCESS_KEY_ID=1 AWS_SECRET_ACCESS_KEY=1 USE_AUTH=false USE_ENCRYPTION=false AWS_DEFAULT_REGION=ap-southeast-2  DYNAMODB_TABLE=confidant-development DYNAMODB_URL=http://dynamo:7777 DYNAMODB_CREATE_TABLE=true  GEVENT_RESOLVER=ares  DEBUG=true SSLIFY=false  SESSION_SECRET=lo8TouG7Bee1ahx7caeyoa6Aic6ku1johjoiyiey STATIC_FOLDER=public`
00:32 lyftbot [samlinbris] but im getting an error of `ConnectionError: ('Connection aborted.', gaierror(4, 'ARES_ENOTFOUND: Domain name not found'))`
02:43 Ryan_Lane Hey Sam
02:44 Ryan_Lane I think it's not able to find dynamo
02:44 Ryan_Lane Are you running this for dev purposes?
02:46 Ryan_Lane If so you need to run docker compose so that it'll also bring up the local dynamo process
03:52 sam_ thank you Ryan
03:52 sam_ that's exactly what I was missing
03:53 Ryan_Lane cool. let me know if you have any other questions :)
03:53 Ryan_Lane you're trying it out for now?
03:58 sam_ yeah
03:58 sam_ I'm actually evaluating whether credstash will suit my project better or confidant
03:59 sam_ setting up the environment configuration now.
04:00 sam_ actually I have a quick question on the ui, I know that credentials represent the KMS aspect. What about services?
04:11 sam_ I saw your presentation "secret management on cloud" by the way Ryan. Loved it, got me into configuration distribution too. That's why I'm asking these questions now :$
04:12 Ryan_Lane ah. cool :)
04:12 Ryan_Lane the credentials are the secrets
04:12 Ryan_Lane the services are mapping of the secrets to a "service"
04:12 Ryan_Lane which by default is roughly equivalent to IAM roles
04:13 Ryan_Lane though you don't have to tie it 1:1 with IAM roles
04:13 Ryan_Lane depending on what you're doing, credstash can be a lot easier
04:13 Ryan_Lane but I think confidant is a bit more flexible
04:18 sam_ credstash doesn't have an interface thats why im trying out confidant
04:19 Ryan_Lane gotcha
04:20 Ryan_Lane well, I'm here for help if you need anything :)
04:22 sam_ actually you could, again haha
04:22 sam_ It'll be easier if you can supply me an example service.env file ( not the dev one)
04:23 Ryan_Lane ah. gotcha
04:24 sam_ I've put in all the info needed as the configure documentation specified in https://lyft.github.io/confidant/basics/configuration/. However I have to constantly docker-compose up to find out what I did wrong and redo it again, which takes up a lot of time
04:25 Ryan_Lane gotcha. well, the basic config should be roughly correct for running against AWS
04:26 Ryan_Lane but you also need to create the KMS key, give the instance an IAM role that has the right privileges, create a dynamo table (if you don't allow the instance's IAM role to do so)
04:26 Ryan_Lane assuming it's all going against AWS services you shouldn't need compose
04:26 Ryan_Lane just running docker normally should work
04:27 Ryan_Lane I think the default config of dynamo, how confidant creates it, should be free
04:29 Ryan_Lane and I think the key is ~$1/month, if you're not making calls to it
04:29 Ryan_Lane so trying it out on real AWS services is probably the easiest way, if you've already checked out the interface
04:32 sam_ no worries :), I'll give it a shot
04:34 Ryan_Lane cool. I'll try to make a real example running in AWS sometime soon
04:44 sam_ awesome, thanks mate
17:12 RandyT joined #confidant
20:27 RandyT left #confidant
21:10 ilbot3 joined #confidant
21:10 Topic for #confidant is now Secret management for AWS. https://lyft.github.io/confidant Channel logs at http://irclog.perlgeek.de/confidant/
21:46 doy the confidant-client documentation says that i should be able to specify the auth key as either an arn or an alias
21:46 doy but only an arn seems to work for me
21:46 doy i just get `Invalid keyId` if i try to use an alias
21:47 doy is there something special i need to do to make this work?

| Channels | #confidant index | Today | | Search | Google Search | Plain-Text | summary