chef
chef copied to clipboard
Move prometheus AWS_ACCESS_KEY_ID to secret bag
https://github.com/openstreetmap/chef/blob/31e786d715dbb4599a129f5e3bbfdda7c1c54cbb/cookbooks/prometheus/recipes/server.rb#L64-L65
There's no real security urgency as the AWS_SECRET_ACCESS_KEY is in the secret data bag, but any rotation of the key will change both the access key and secret key so it makes sense to store them in the same place, rather than have to synchronize changes across two repos.