@olivierlambert its custom config, not any bug. Ill point it out what i mean below.
- I have standard ubuntu template ->
- I would like my vm to be already customize, when its created, because its faster and easier when everything is in one place ->
- So for that i have created cloud-init for eg.->
#cloud-config hostname: <hostname> package_update: true package_upgrade: true write_files: - path: /etc/ssl/certs/mydomain.crt content: | <certificate data> - path: /etc/ssl/private/mydomain.key content: | <private key data> runcmd: - apt-get update - DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
- So my main problem is that this, particular cloud-init has fixed <certificate data> and <private key data>, that i would like to not be passed as a plain text, because it is a secret. To me its not done (for now) with best practices, but its very comfortable.
So finally, i am wondering what is the best solution, for not putting secrets as a plain text, but rather keep them as a secret. I could create templates and later delete cloud-config with those data, but it would be more flexible, if there would be any chance to connect it to Hashicorp Vault or something that will dynamically fetch secrets.