So far, we've only been defining the state of our infrastructure using state files. However, there is no mechanism in the state files for per-minion access control. Any file or data that you put in /srv/salt is immediately available to every approved minion.
Much like grains, which we have talked about before, the pillar system is just a key-value store in Salt. However, each minion gets its own set of pillar data, encrypted on a per-minion basis, which makes it suitable for sensitive data.
# sudo mkdir /srv/pillar
# cd /srv/pillar
Let's define some pillar data. Inside /srv/pillar, we're going to create a couple of files. The first file is going to be /srv/pillar/core.sls. Note that pillar files also have...