@olivierlambert its custom config, not any bug. Ill point it out what i mean below.
I have standard ubuntu template ->
I would like my vm to be already customize, when its created, because its faster and easier when everything is in one place ->
So for that i have created cloud-init for eg.->
#cloud-config
hostname: <hostname>
package_update: true
package_upgrade: true
write_files:
- path: /etc/ssl/certs/mydomain.crt
content: |
<certificate data>
- path: /etc/ssl/private/mydomain.key
content: |
<private key data>
runcmd:
- apt-get update
- DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
So my main problem is that this, particular cloud-init has fixed <certificate data> and <private key data>, that i would like to not be passed as a plain text, because it is a secret. To me its not done (for now) with best practices, but its very comfortable.
So finally, i am wondering what is the best solution, for not putting secrets as a plain text, but rather keep them as a secret. I could create templates and later delete cloud-config with those data, but it would be more flexible, if there would be any chance to connect it to Hashicorp Vault or something that will dynamically fetch secrets.
