I have a use case where we need to authenticate several hosts. These host need to retrieve secrets from Conjur. Some secrets would need to be retrieved by every host, some by set of hosts and some secrets are dedicated only to specific hosts. Creating Host name and an API key is really not feasible. The hosts are on prem as well as in AWS and hence using AWS IAM authenticator is not an option. I wanted to utilize Host factory and wanted to check how commonly this is adopted in DAP implementation and any challenges encountered while using the the host factory option. Appreciate your inputs. Thanks
Hey @sjohnkennedy ,
In my personal opinion, I would refrain from using host factory. You can easily split the AWS EC2 instances from the on-premise servers and VMs. Use authn-iam for AWS on the AWS EC2 instances. For the on-premise hosts, is there a common platform these hosts are being spun up in or are these literally baremetal servers in a data center somewhere?
Thanks for your response @joe.garcia.
All the servers on premise are VM and are in the same Puppet Master. I am trying to figure out how to establish identity for each of these hosts and automating establishing identity for the new hosts that will get added. Creating individual host and API keys for each host is not feasible in my opinion. We are using the puppet plugin to lookup and retrieve credentials from Conjur. I thought I could try using Host factory to solve this use case.
Any thoughts or suggestions addressing this?