Some of our SSL keys require a password to restart Apache. We're moving towards using puppet and when we make Apache configuration changes across the enterprise the webservers that require passwords fail to restart.
We're at a bit of a crossroads. I want to remove the password from the SSL keys and rely on file system permissions and have root own the directory/file. Management wants some convoluted system to hit a central server and retrieve the password whenever apache needs to restart.
How are you guys solving this problem?
[link][15 comments]