This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2019-03-29
Channels
- # announcements (9)
- # aws (1)
- # beginners (133)
- # boot (2)
- # calva (94)
- # cider (48)
- # cljdoc (7)
- # cljsrn (22)
- # clojure (128)
- # clojure-europe (22)
- # clojure-finland (7)
- # clojure-greece (6)
- # clojure-losangeles (3)
- # clojure-nl (81)
- # clojure-spec (30)
- # clojure-uk (60)
- # clojure-ukraine (1)
- # clojurescript (45)
- # core-async (26)
- # cursive (18)
- # datomic (12)
- # defnpodcast (1)
- # duct (4)
- # editors (4)
- # emacs (6)
- # fulcro (37)
- # graphql (4)
- # jobs (2)
- # jobs-rus (1)
- # juxt (7)
- # kaocha (2)
- # leiningen (1)
- # nrepl (22)
- # off-topic (2)
- # re-frame (16)
- # reagent (8)
- # reitit (22)
- # ring-swagger (5)
- # shadow-cljs (81)
- # tools-deps (4)
does anyone store encrypted PII data in their datomic cloud dbs (for GDPR)? Where do you store your keys?
nvm, just learned about this https://docs.datomic.com/on-prem/excision.html
No excision in Cloud (yet) but here’s a good description of what’s required https://vvvvalvalval.github.io/posts/2018-05-01-making-a-datomic-system-gdpr-compliant.html
you can store the keys as encrypted SSM params and read them using ion/get-params. just make sure they start with “datomic-shared” or they won’t be accessible without extra IAM perms (this caught me out)
What is the importance of the KeyName parameter on the CloudFormation template? It's not required to connect to the bastion host and you never connect to the compute nodes. Is it used by CodeDeploy or something?
I thought it was required to connect to the bastion host
The startup script of the bastion generates a keypair and uploads the public key to s3 which the proxy script downloads. So the ec2 keyname is actually not used.