►
From YouTube: Secrets Management Sync
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right,
so
this
is
our
secrets,
management
sink.
I
know
in
our
last
meeting
we
talked
about
creating
some
more
issues
for
our
like
follow
up
on
where
we
should
be
investing.
Do
you
need
help
with
creating
these
issues?
What
can
I
do
to
support
you
on
this.
B
I
think
we
have
basically
all
that
I
had
in
mind
I'm
just
thinking
about
one
that
we
might
be
missing,
and
this
is
about
adding
an
option
for
users
to
configure.
Do
they
want
the
secret
exposed
as
a
file
or
just
as
environment
variables,
oh
yeah,
which
is
something
they
already
like,
some
of
them,
my
might
be,
and
now
like.
In
retrospect,
I
I'm
not
sure
I
made
the
right
choice
by
making
the
fight
default,
because
I
thought
my
my
reason
was
that
it
feels
safer.
B
But
eventually,
if
you
want
to
use
it,
you
need
to
transfer
this
value
in
most
of
the
cases
to
environment
variable
anyway,
so
yeah
anyway.
I
I
think
once
we
are
it's
not
like
stopping
people
from
using
it,
it
might
be
inconvenient
for
some
of
them,
so
we
should
start
an
option
I'll
create
an
issue
to
to
make
this
configurable
and
the
default
should
stay.
What
what
it's
now?
B
So
it's
not
a
breaking
change,
but
at
least
they'll
have
an
option
to
change
and
it
should
be
a
relatively
small
change
and
then
what
you
can
help
actually
is.
We
should,
I
don't
know,
put
some
priority
on
all
those
issues
and
you
have
a
better
insight
than
me
what
what
people
actually
want
and
need
because
yeah,
if
it's
me
I'll
sort
them
in
some
order,
but
it
doesn't
mean
that's
what
the
users
actually
want.
B
A
I
like
that
so
top
of
mind.
For
me,
the
two
issues
are
one
internal
issue:
the
telemetry,
adding
that
tracking
and
then
the
tls
support,
and
then,
of
course,
we
currently
have
the
dedicated
signing
key.
This
has
come
up
twice
and
calls
with
really
large
customers.
So.
A
They
they
only
want
machines
to
be
authenticating
with
vault,
so
they
have
a
bunch
of
scripting
that
they're
looking
at
layering
on
top
of
our
jwt
authentication
and
and
also
the
integration
that
you've
built
in
13.4.
A
A
So
we
wanted
to
create
that,
like
clear
line
in
the
sand,
that
this
is
a
machine
authentication
versus
odic
confusion.
So
that's
very
that's
perfect,
so
those
three
issues
are
top
of
mind.
For
me.
You've
already
waited
the
tls
one.
You've
waited
the
telemetry
one,
so
we'll
knock
those
out
in
short
order.
The
other
issues
are
they
in
the
section
configure
secrets.
Epic?
Is
that
where
they've
been
created-
and
this
is
like
afro
and
all
the
other
stuff.
B
Yeah,
well
maybe
the
last
few
that
were
created
last
few
days
might
not
have
the
ap,
but
I'm
thinking
it's
just
a
guess,
but
I
think
more
and
more
customers
will
will
want
the
the
name
space
for
vote
enterprise
because
it's
kind
of
enterprising
think
and
they
probably
are
using
it.
So
that
may
I
expect
this
to
pop
up,
but
it's
just
a
guess.
B
So
maybe
we
should
wait
for
demand
and
yeah
I'll
have
a
look
at
those
all
those
issues,
but
last
time
I
think
I've
put
them
in
some
order
and
we'll
make
sure
that
the
newer
ones
are
are
like
all
good.
So.
A
Yeah,
we
can
probably
I'll
probably
create
another
epic
for
our
other
authentication
methods
and
then
and
that's
where
we'll
store
the
app
role
and
and
tls,
and
then
maybe
I
know
that
I
was
talking
to
the
hashicorp
guys
in
slack
and
they're,
looking
at
adding
some
sort
of
other
like
marketplace
authentication
method.
They
didn't
give
me
very
many
details
on
that.
So
I'll
look
into
what
that
is,
and
then,
if
we
need
to
create
an
issue
for
supporting
that,
then
we
can
but.
A
A
B
B
Based
on,
like
the
whole
architecture
in
both
is
based
on
plugins,
so
even
if
we
want,
we
can
create
our
own
authentication
method
and
support
some
bit
large
specific
stuff,
but
I
don't
have
what
like
the
only
thing
I
we
have
missing
now
is
that
when
they,
when
we
validate
when
vote,
validates
the
json
web
token,
it
just
validates
the
based
on
signature.
It
will
be
cool
if
we
can
also
check
is
the
job
still
running
if
the
job
is
not
running.
B
Token
is
invalid,
but
I
don't
feel
that's
worth
creating
a
whole
new
authentication
method
at
the
moment,
because
it's
written
in
go
and
I'm
not
sure
how
much
we
can
how
easily
we
can
reuse
the
custom
one
if
it
was
ruby,
it's
very
easy
to
just
monkey
patch
and
change
something.
But
but
that's
something
like
a
thing:
big
long-term
plan.
A
For
sure,
okay,
that
that
sounds
perfect
to
me.
So
I
think
I
need
to
find
that
vault
telemetry
issue
and
either
add
it
to
this
epic
or
create
a
new
epic
and
associate
it
because
I
don't
know
if
it's
already
in
the
bring
your
own
vault
yeah.
I
don't
think
it's
in
there.
So
we'll
know.
B
B
So
we
may
have
some
trouble
to
make
the
queries
fast
enough
so
that
they
are
acceptable,
but
there
are
other
options
we
can
try.
If
that
turns
is
a
problem
like
we
can
use
the
radius
counters
or
something
else,
but
I'm
hoping
it
will
be
easy
enough
with
adding
some
indexes
just
just
something
to
keep
in
mind.
Okay,
that's
helpful.
We
may
hit
some
on
some
problems.
A
Okay,
but
in
my
in
my
mind
next
up
will
be
those
three
issues
we
talked
about
and
then
after
that
will
be
the
ball
ee
name
spaces,
and
then
I
think
by
then
we
may
have
additional
demand
for
configuring,
like
the
expiration
of
the.
B
A
Because
that's
been
that's
been
coming
up,
but
they're,
not
giving
me
enough,
like
justification
as
to
why
that
should
be
configured
in
gitlab,
because
today,
in
my
head,
that's
like
a
vault
thing
that
people
should
be
required
to
sit
on
the
vault
side.
B
But
there
are
actually
two
two
tokens
and
two
expirations
in
play
here:
one
is
the
json
web
token,
which
is
in
our
control.
So
we
are
the
one
that
should
configure
this
and
then
you
can
once
you
authenticate,
you
get
a
vote
token,
as
a
result
that
you
used
to
read
the
secret
and
this
one
is
configured
in
the
bolt
itself.
A
B
Yeah
not
there's
no
way
that
that
that's
the
part
where
they
have
to
configure
their
robot,
because
we
don't
have
the
access
to
their
vote
to
do
that
type
of
work
and
the
configuration
of
the
json
web
token
will
be
nice
to
have.
But
I
think
at
least
my
understanding
is
that
everyone
should
have
a
timeout
on
their
jobs
and
we
default
the
votes,
the
json
web
token
expiration
time
to
the
time
out
of
the
job
so
that
it's
no
longer,
then
the
job
itself
can
never
run.
B
But,
of
course,
if
the
jobs,
if
the
timeout
is
like
one
hour
and
a
job
finishes
for
five
minutes,
this
leaves
the
token
valid
for
another
55.
So
it
might
be
useful
and
it's
like
against
relatively
very
easy
change,
we'll
just
need
to
add
some
ui
and
then
then
use
that
that
number.
So
if
it
pops
up,
we
should
just
do
it.
A
Okay,
so
then,
from
a
sequencing
perspective,
I
think
it
should
be
vol
ee
name
spaces,
and
then
we
get
hyanna
to
add
a
ui
spec
for
defining
configurations
of
git
lab
in
the
ui,
and
we
include
things
like
expiry
expiry
time
and
other
sort
of
configuration
limits.
And
then
we
incrementally.
B
A
B
To
remind
again
that
of
those
three
issues
that
we
should
focus
on
first,
the
tos
will
require
runner
changes,
so
it
may
take
a
little
bit
more.
The
other
two
are
just
just
real,
so
at
least
it's
all
in
with
us.
A
Yeah
and
that's
kind
of
why,
like
I'm,
not
associating
milestones
in
this
conversation,
because
I
have
tls
scheduled
like
in
13.7
or
something
so
that
we
can
start
laying
the
foundation
with
runner
now
and
thinking.
B
A
Side
yeah,
I
agree,
okay
and
then
the
other
item
I
had
was
the
hashicorp
lightning
talks,
thanks
for
taking
that
on
really
appreciate
it,
I'm
kind
of
swamped
with
gitlab
china
right
now.
So
oh.
A
And
then
you
confirmed
that
the
dedicated
signing
key
is
something
you're
picking
up,
so
we
should
feel
good.
B
Yeah,
that's
why
I
went
with
doing
the
generic
packages
download
yesterday,
because
I
knew
I
can
do
it
in
a
day
so
to
move
this
one
may
take,
it
should
be
still
not
much
work
because
it
will
be
my
third
take
on
it.
So
it's
pretty
much
clear
what
I
should
do,
but
and
for
the
lighting
talk,
that's
what
I
was
asking
for,
how
much
time
we
should
like
talk
and.
B
Talk,
my
part
was
like
eight
minutes,
so
I'm
thinking
pretty
much
the
similar,
maybe
we'll
update
it
a
little
bit
with
like
examples
from
what
we
have
now.
I
just
I
just
in
my
mind.
I
just
want
to
show
the
flow
of
that
diagram
like
create
secret
creator,
create
everything
which
can
be
a
live
demo,
but
I
feel
more
safe.
It
will
be
if
it's
a
set
of
slides
and
just
just
show
it
to
people
and
explain
what
as
well.
A
Also,
what
I
do
is
queue
up
screens
that
have
already
run
successfully
and
like
show
people
the
job
logs
so
like
if
there's
an
exam,
if
there's
an
existing
project
that
has
a
successful
job,
log
or
successful
pipeline
that
usually
plays
really
well,
because
I
have
demoed
live
many
times
my
life
and
ended
up
like
falling
on
my
face,
especially
with
like
the
latency
stuff.
That
gitlab
has.
A
I
completely
agree
with
you
that,
but
sometimes
in
these
talks
it's
helpful
to
have
it
in
platform.
So
just
have
like
already
already
succeeded,
jobs
up
and
just
show
them
the
logs.
B
A
I'm
comfortable
with
whatever,
with
which,
whatever
way
you
want
to,
I
would
plan
for
like
10
minutes
of
talking,
though,
and
then
allow
room
for
for
questions,
and
that
kind
of
thing.
A
Yeah,
I
think
that
actually,
you
won't
have
to
rehearse
or
anything.
This
looks
like
since
it's
an
external
event,
it
doesn't
look
like
hashicorp
is
as
controlling
as
we
are
well.
B
A
Or
I
don't
know,
let's
see,
content
is
due.
It's
not
an
issue,
though,
like
if
you
scroll
down
in
a
comment.
It's
due
there.
It's,
like
my
own,
said:
hey
when's,
the
content
due
and
it's
replied
back
october
6.
A
B
B
Leave
it
to
me
I'll
copy,
the
slides
and
remove.
I
don't
want
and
we'll
share
them
with
you
or
maybe
maya.
A
A
A
B
B
We
may
need
to
some
other
api
endpoints
that
are
just
like
not
about
the
fetching
and
uploading
the
files
themselves,
but
just
giving
you
information
like
this
package
has
that
many
files
with
these
urls
like
I'll,
just
see
what
we
have
for
the
other,
but
the
npc
should
be
just
authentication,
download
and
upload
and
then
those
other
follow-up
issues
that
we
were
talking
about.
B
The
restrictions
I've
put
on
version,
format
and
stuff
like
this,
which
oh
yeah
sorry
once
I
do
the
upload,
I
should
sit
down
and
write
the
talks
cause
people
will
need
talks
to
use
that,
but
that
shouldn't
be
a
problem.
B
B
Just
not
sure
at
what
point:
we're
gonna
hang
this
over
back
to
package
or
are
we
gonna?
I
was
thinking
we're
gonna
work
on
this
at
least
it's
enough
for
our
purpose
and
then
try
to
hand
over
the
package,
but
I'm
not
sure.
A
B
A
If
they
want
to
so,
and
some
people
will
start
using
it
for
something
else,
other
than
releases,
so
yeah
you're
totally
right,
okay.
Well,
then,
I
can
talk
with
nicole
about
that.
I
don't
want
to
step
on
our
toes,
because
this
sounds
like
it's
like
an
engineering
thing,
so
I'll
talk
to
her
about
it,
and
then
we
can
set
up
either
a
sync
to
transfer
this
formally
over
or
maybe
tim
will
be
like
it's
fine.
We
can
just
read
the
documentation
and
it's
no
big
deal.
B
Well,
yeah,
let
me
know,
I
think
we
should
do
the
the
initial
dots
and
like
release
the
mvc,
and
then
I
don't
mind
doing
it.
It's
just
about
timing.
A
In
my
head,
this
is
the
only
thing
we're
doing
with
package
so
like
after
we
shipped
this.
I
was
like
all
right
we're
out.
I
didn't
expect
to
like
support
it.
Long
term.