Secure Pillar in SaltStack with GPG

Encrypting your Pillar data is recommended because it contains your most valuable information, such as the passwords and keys used in your infrastructure. Pillar data is held by the Salt master and is only sent to Minions, over an encrypted bus, when it is used in a state file. Using Pillar ensures that sensitive information is only available on the servers that need access to it. The weak spot is the Salt master itself, along with every other place where your Pillar sls files are stored in plain text, for example GitHub or another external code hosting service.
