The only downside of credstash is that it doesn't have the ability to restrict sets of credentials to different IAM roles. The access is all-or-nothing, per DynamoDB table.
Otherwise the general design of credstash is very similar to Confidant.
I'm loving this article. When listening to old jazz recordings where trap kits like this were used, it's clear that there's sounds that would be difficult to reproduce with modern gear, particularly cymbals (all those hi-hat predecessors!). I'm amazed that the hardware held up. The way I play, I'm sure I'd destroy these kits in minutes.
There must be something in the air regarding tools for managing secrets. First Keywhiz, then Credstash, a little Python utility for managing secrets using AWS KMS: https://github.com/LuminalOSS/credstash
Also coincidentally, this was just released today -- Credstash: a utility for managing secrets using AWS KMS and DynamoDB. Written in Python. https://github.com/LuminalOSS/credstash
Very interesting. I worked on a system that does provide 'truth and trust', but the first part (voluntarily destroying instances) of what you say seems like the opposite? If you want to maintain truth with everyone being aware of each other's state, but then want to voluntarily disrupt said state, wouldn't that lead to unnecessary work? Also, it would be nice if you shared the data that led to such an approach (I see this removes the need for, say, upgrades, but does it actually provide a benefit)? Maybe I'm completely off-base here.
Disclosure: I am a founder and the CEO of Luminal.
In a distributed, and therefore often largely stateless system at the instance level, the system boundary is now outside the individual instance. The performer (a series of instances over time in Fugue) is roughly analogous to a process on an individual computer. Truth and trust are maintained by knowing and controlling the state of the instances themselves with Fugue. Think of the Conductor as analogous to the kernel in a traditional OS, where providing processes CPU time and resources is a regular course of business.
As for unnecessary work, we've found that maintaining systems in place, with all the inevitable failure, complexity and configuration drift, is much more expensive than using some of the excess capacity of a given performer. Most systems target 70% or so utilization - we use some of that excess to lifecycle.
I hope this answers the question, and we're really excited to get feedback on what we're doing so it's relevant to your work.
Terraform creates everything and hands you the keys to manage your infrastructure. Fugue continually manages your infrastructure after the deployment with the Conductor. The continuous automatic regeneration of instances makes bad boots, noisy neighbors, and transient errors temporary blips rather than problems that must be manually addressed. Fugue continuously enforces your desired state of infrastructure so you don't have to.