configpolicy

dustin

History

Dustin 906819dd1c r/apache: Use variables for HTTPS cert/key content Using files for certificates and private keys is less than ideal. The only way to "share" a certificate between multiple hosts is with symbolic links, which means the configuration policy has to be prepared for each managed system. As we're moving toward a much more dynamic environment, this becomes problematic; the host-provisioner will never be able to copy a certificate to a new host that was just created. Further, I have never really liked the idea of storing certificates and private keys in Git anyway, even if it is in a submodule with limited access.	2025-07-13 16:02:57 -05:00
..
main.yml	r/apache: Use variables for HTTPS cert/key content	2025-07-13 16:02:57 -05:00

Dustin 906819dd1c r/apache: Use variables for HTTPS cert/key content

Using files for certificates and private keys is less than ideal.
The only way to "share" a certificate between multiple hosts is with
symbolic links, which means the configuration policy has to be prepared
for each managed system.  As we're moving toward a much more dynamic
environment, this becomes problematic; the host-provisioner will never
be able to copy a certificate to a new host that was just created.
Further, I have never really liked the idea of storing certificates and
private keys in Git anyway, even if it is in a submodule with limited
access.

2025-07-13 16:02:57 -05:00

main.yml

r/apache: Use variables for HTTPS cert/key content

2025-07-13 16:02:57 -05:00