Guide to deploying Genesis kits to BOSH/CredHub

Genesis is an awesome deployment framework for deploying systems with BOSH to any infrastructure cloud. It has a whole catalog of open source, production-ready kits that make it super easy to deploy, scale, and upgrade systems such as Cloud Foundry Application Runtime (PaaS), Vault (Secrets), Concourse CI, SHIELD (backup/restore), and Minio (Object Store). Genesis

CredHub: Keys must be PEM-encoded PKCS#1 keys.

CredHub keeps your credentials out of your configuration files. On a recent project, I was adding certificates and their private keys to a CredHub instance so that Concourse could retrieve them to configure and then deploy a Cloud Foundry foundation that would then use these certificates. To do this, I ran: credhub set --name /path/to/certificate

Accessing BOSH, CredHub, and Vault via magic tunnels

It is not a good idea to allow your BOSH/CredHub/Vault to be accessible on the public internet. Yes, they all require credentials and certificates to access, but there is just no good reason to expose them on the internet. So you will only deploy them into private networks. Unfortunately, now you’ve made it hard for