3 May 2022 |
v0|d | this brough me here. | 07:32:07 |
v0|d | * this brought me here. | 07:32:20 |
Zhaofeng Li | If you have a TPM, authenticating the boot chain is actually pretty easy. You can either use tpm2-attest or have it decrypt some secret with clevis. | 07:35:48 |
v0|d | are there any pages on wiki regarding grub/tpm/initrd? | 07:36:47 |
| ar joined the room. | 08:29:44 |
Zhaofeng Li | In reply to @v0id:nltrix.net are there any pages on wiki regarding grub/tpm/initrd? Don't think there is one at the moment | 22:45:25 |
4 May 2022 |
| bernardo changed their display name from bernardo to bernardo ooo (sick). | 11:07:57 |
5 May 2022 |
| anthr76 joined the room. | 02:23:14 |
| bernardo changed their display name from bernardo ooo (sick) to bernardo. | 12:38:32 |
7 May 2022 |
| Jakob joined the room. | 13:00:52 |
9 May 2022 |
| kayla (she/they) joined the room. | 10:57:32 |
14 May 2022 |
| Florian | W3F changed their display name from Florian | W3F to Florian | OoO -> 29.5.. | 11:56:58 |
21 May 2022 |
| Leon joined the room. | 20:33:43 |
| Martin joined the room. | 21:01:36 |
22 May 2022 |
| Emantor joined the room. | 08:52:04 |
23 May 2022 |
| Florian joined the room. | 14:19:22 |
24 May 2022 |
| mixis joined the room. | 16:28:49 |
| bernardo left the room. | 21:00:22 |
25 May 2022 |
Mic92 (Old) | Not sure what the best channel for this question is, but do you have some automation/recommendation on how to bootstrap vault access on new machines? | 10:41:04 |
27 May 2022 |
@grahamc:nixos.org | hardware? | 13:23:17 |
@grahamc:nixos.org | * bare metal hardware that you own? | 13:23:23 |
@grahamc:nixos.org | Mic92: ^ | 13:23:49 |
@grahamc:nixos.org | for people, I push them through logging in with google apps; for bare metal hardware I was working on this but didn't end up needing it: https://github.com/grahamc/vault-credential-yubikey | 13:24:45 |
@grahamc:nixos.org | (but it completely works) | 13:24:56 |
Mic92 (Old) | In reply to @grahamc:nixos.org Mic92: ^ Let's say something cloud-vendor neutral. I need to be able to migrate if possible. | 13:25:26 |
@grahamc:nixos.org | I'd use whatever auto-auth method you can get built-in to vault; trying to remain vendor neutral on that is (imho) missing out on a lot of really good security engineering | 13:26:34 |
@grahamc:nixos.org | ie: AWS, Azure, GCP, etc. all have built-in automatic authentication mechanisms that I'd take advantage of | 13:27:13 |
Mic92 (Old) | Do you usually deploy vault enterprise? | 13:27:24 |
@grahamc:nixos.org | no | 13:27:36 |
@grahamc:nixos.org | I don't have that kind of budget 😓 | 13:27:53 |