Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by LinenTitle
k
kind-mechanic-53546
07/29/2020, 3:27 AMDoes anyone have a good azure service for config management?
I'd like to export all my config (endpoints, secrets, connection strings, hostnames etc...) to have 1 consolidated place, currently, it's spread over 10 odd pulumi stacks
In AWS, I'd use SSM Parameter store, but Azure App Configuraton is 1) not supported by Terraform or Pulumi and 2) expensive
c
colossal-room-15708
07/29/2020, 5:19 AMThe best service for this would be Azure Key Vault.
k
kind-mechanic-53546
07/29/2020, 6:49 AMI was afraid that would be the answer 🙂
I'm doing that with secrets now, but it's a terrible interface compared to SSM Parameters
This is the presentation on the console
its 3 clicks to get to the tags which I put the description of the resource in 🙂
horrible UX
anyway, thanks 🙂
c
colossal-room-15708
07/29/2020, 7:05 AMThat UX depends on how you do it.
Plus, if you don't care about encryption of values in the UI / API then maybe cosmos DB or storage accounts tables might be enough
https://docs.microsoft.com/en-us/azure/cosmos-db/table-storage-overview
k
kind-mechanic-53546
07/29/2020, 8:33 AMmust be encrypted & hidden and RBAC'd for secrets
c
colossal-room-15708
07/29/2020, 10:43 AMIn which case it'll be Key Vault.
Understand though that RBAC (for now) only works on the vault, not on secrets.
👍 1