Platform secrets are the service passwords, certificates and private keys stored in the Transcrypt-encrypted platform Git repository, which makes them easy to audit.
To access the platform secrets of an existing deployment you need to obtain the transcrypt key; for details on how to access an existing environment, see the Connecting to environment guide.
By default, platform secrets are located in $HOME/git/$OWNER/ansible-data-$ENV; for details about the platform client settings and how to change them, see the Settings guide.
Repository directory structure
dashboards - monitoring dashboard template instantiation markers; if the marker file for a given user is present and matches the new template, the template is not uploaded to Elasticsearch
git - temporary gitolite admin repository; not stored in Platform Secrets
inventory - Ansible inventory directory with the environment-specific host inventory (by default includes the AWS EC2 inventory)
ldap - LDAP user instantiation markers; if a marker matches the user's previous LDAP definition, the user is not added to LDAP
markers - plain markers for various facts; if the file is present, the action is assumed to be completed
passwords - service passwords for inter-service communication
passwords/iam - AWS IAM user IDs and keys, for example
passwords/rds - AWS RDS service and DB passwords, for example
passwords/users - service user passwords, for example
ssh - service private/public SSH keys, for example
ssl - service SSL keys and certificates, for example
ssl/ca-* - WAF certificate authority merge directory, used when the WAF has to trust multiple CAs, for example
ssl/crl-* - WAF certificate revocation list merge directory, used when the WAF has to trust multiple CAs, for example
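Because the repository is only as safe as its transcrypt coverage, the following added audit script (example code, not part of the platform tooling) checks a checkout for the two ways a secret can end up committed in plaintext: a path under passwords/, ssh/ or ssl/ that no filter=crypt rule in .gitattributes covers, or a committed blob that lacks the base64 "Salted__" header (U2FsdGVkX1) that transcrypt's OpenSSL encryption produces. The directory names and default path come from this page; the audit() function is pure so it can be exercised on constructed data, and the sample blobs in the test are constructed.

```python
"""Audit a transcrypt-managed platform secrets checkout for plaintext secrets."""
import fnmatch
import os
import subprocess
import sys

SECRET_DIRS = ("passwords", "ssh", "ssl")  # secret directories from the repository layout
ENCRYPTED_PREFIX = b"U2FsdGVkX1"           # base64 of "Salted__", start of every transcrypt blob


def crypt_patterns(gitattributes_text):
    """Return the .gitattributes patterns that enable the transcrypt clean/smudge filter."""
    patterns = []
    for line in gitattributes_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and "filter=crypt" in parts[1:]:
            patterns.append(parts[0])
    return patterns


def is_covered(path, patterns):
    """True if path matches a filter=crypt pattern. gitattributes globbing is
    approximated with fnmatch on the full path and on the basename (fnmatch lets
    '*' cross '/', so this is slightly more permissive than git itself)."""
    base = os.path.basename(path)
    return any(fnmatch.fnmatch(path, p) or fnmatch.fnmatch(base, p) for p in patterns)


def audit(paths, gitattributes_text, read_blob):
    """Return (path, problem) pairs for secret files that are not protected.
    read_blob(path) must return the bytes of the blob committed at HEAD."""
    patterns = crypt_patterns(gitattributes_text)
    findings = []
    for path in paths:
        if path.split("/", 1)[0] not in SECRET_DIRS:
            continue  # markers, inventory, dashboards etc. are not secrets
        if not is_covered(path, patterns):
            findings.append((path, "no filter=crypt rule in .gitattributes"))
        elif not read_blob(path).startswith(ENCRYPTED_PREFIX):
            findings.append((path, "committed blob is not transcrypt ciphertext"))
    return findings


def audit_checkout(repo):
    """Run the audit against a real checkout using git plumbing (reads HEAD, not the worktree)."""
    git = lambda *args: subprocess.check_output(["git", "-C", repo, *args])
    paths = [p for p in git("ls-files", "-z").decode().split("\0") if p]
    attrs = git("show", "HEAD:.gitattributes").decode()
    return audit(paths, attrs, lambda p: git("show", "HEAD:" + p))


if __name__ == "__main__":
    default = "~/git/%s/ansible-data-%s" % (os.environ.get("OWNER", ""), os.environ.get("ENV", ""))
    for path, problem in audit_checkout(sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser(default)):
        print("%s: %s" % (path, problem))
```

A non-empty report means a secret reached the history unencrypted; rotate it and rewrite or re-encrypt the commit rather than just re-committing the file.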