Skip to content

Commit

Permalink
add explicit reference to grains['id'] as a 'safe' grain for pillars
Browse files Browse the repository at this point in the history 
The documentation is a bit vague concerning the safe way to target
a specific minion inside pillars.

This commit explicitly mention grains['id'] as safe (according to PR
saltstack#12128)
  • Loading branch information
carpenti committed Oct 21, 2016
1 parent e728c20 commit 847b9a7
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions doc/faq.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -361,6 +361,8 @@ files on the local system, grains are considered less secure than other
identifiers in Salt. Use caution when targeting sensitive operations or setting
pillar values based on grain data.

The only grain which can be safely used is ``grains['id']`` which contains the Minion ID.

When possible, you should target sensitive operations and data using the Minion
ID. If the Minion ID of a system changes, the Salt Minion's public key must be
re-accepted by an administrator on the Salt Master, making it less vulnerable
Expand Down

0 comments on commit 847b9a7

Please sign in to comment.