# mac todo

## Use vault for secrets

Relops is planning on setting up `vault` for secret management. This is more secure than the current secrets yaml.

When that happens, we can potentially move the 4 cert secrets into the vault service, and use it from puppet. This will require sec approval. This would allow us to reimage and have a running machine without any manual setup.