-
Kristian Klausen authoredWith the support for network.wireguard.* credentials[1] in systemd v256[2], we can now easily avoid storing the credentials centrally in our ansible vault, which is preferable as it makes the private keys less exposed. It may also make fine-grained access easier in the future[3] as there is no longer a vault file for each server. All the keys have been rotated and the new private keys are only stored on the servers. [1] https://github.com/systemd/systemd/pull/30826 [2] https://github.com/systemd/systemd/releases/tag/v256 [3] #64
Kristian Klausen authoredWith the support for network.wireguard.* credentials[1] in systemd v256[2], we can now easily avoid storing the credentials centrally in our ansible vault, which is preferable as it makes the private keys less exposed. It may also make fine-grained access easier in the future[3] as there is no longer a vault file for each server. All the keys have been rotated and the new private keys are only stored on the servers. [1] https://github.com/systemd/systemd/pull/30826 [2] https://github.com/systemd/systemd/releases/tag/v256 [3] #64
Code owners
Assign users and groups as approvers for specific file changes. Learn more.