Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
I have two Supermicro X9 2Us, each with Proxmox. One has allegedly existed solely as a backup target, which wakes up daily to ingest ZFS snapshots using pyznap. Unfortunately, for reasons which are unclear, this particular node doesn't always like to see its boot device, which is an NVMe drive. It's the exact same board as my primary, with the exact same modified BIOS to allow booting from NVMe. It usually takes 2-3 cycles before it'll see it and boot.
This is not secure. It requires the username/password to be stored in plaintext in the script. If you have the proper backend, you could use keyring, or if you're adventurous you could set up Vault. I may do the latter at some point. Realistically, if you're running this on your home LAN, it's highly unlikely that someone is going to infiltrate it, sniff traffic, acquire your IPMI credentials, and then use them, but you define your own risk tolerance. You could create another IPMI user with limited powers as a mitigation.
Related posts
- Terraform & HashiCorp Vault Integration: Seamless Secrets Management
- Keep it cool and secure: do's and don'ts for managing Web App secrets
- Kubernetes Secret Management
- AWS Secrets Manager for on-premise and other cloud accounts scaled architecture
- What are some basics that a lot of Sysadmins/IT teams miss?