Comment 2 for bug 1931392

Peter Surda (surda) wrote :

Thank you for your response. I still find both the design and the documentation confusing. For example, the documentation says:

> Because user-data and vendor-data can contain passwords both of these files are readonly for root as well.

Ok so what's the rationale for the different handling of the sensitive variables in meta-data then?

> Any instance-data-sensitive.json variables are surfaced as dot-delimited jinja template variables because cloud-config modules are run as ‘root’ user.

I have no idea what that means. Does it explain or contradict the behaviour I'm observing?

I found by trial that the only file storing the custom meta data variables which is readable by non-root is instance-data.json, so now I chmod it at the top of bootcmd and that solves the technical aspect of the issue for me.

I don't per se mind the behaviour, I just find the documentation confusing. If there was at least an example of how to deal with situations like mine, that would be a huge improvement.
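
An added example, not part of the comment above and not cloud-init's own code: a check that lists which watched meta-data keys sit in a cloud-init instance-data file that non-owners can read, plus the owner-only chmod the comment describes. It assumes cloud-init's usual `/run/cloud-init` directory (the page does not name the path); the function names and the watched key names passed on the command line are hypothetical.

```python
import json, os, stat, sys

# Assumption: cloud-init's usual run directory; the page does not name the path.
RUN_DIR = "/run/cloud-init"
FILES = ("instance-data.json", "instance-data-sensitive.json")

def key_paths(node, prefix=""):
    """Yield the dot-delimited path of every leaf in a parsed JSON document."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from key_paths(v, f"{prefix}.{k}" if prefix else str(k))
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from key_paths(v, f"{prefix}.{i}")
    else:
        yield prefix

def exposed_keys(run_dir, watched):
    """Return {filename: [paths]} for watched key names that appear in files
    whose mode lets group or other users read them."""
    findings = {}
    for name in FILES:
        path = os.path.join(run_dir, name)
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if not mode & (stat.S_IRGRP | stat.S_IROTH):
                continue  # owner-only: nothing exposed to non-root users
            with open(path) as fh:
                doc = json.load(fh)
        except (OSError, ValueError):
            continue  # missing, unreadable or not valid JSON
        hits = sorted(p for p in key_paths(doc)
                      if any(part in watched for part in p.split(".")))
        if hits:
            findings[name] = hits
    return findings

def tighten(run_dir, name="instance-data.json"):
    """Same effect as the chmod described in the comment: owner-only access."""
    os.chmod(os.path.join(run_dir, name), 0o600)

if __name__ == "__main__":
    found = exposed_keys(RUN_DIR, set(sys.argv[1:]))
    for fname, paths in found.items():
        print(fname, *paths, sep="\n  ")
    sys.exit(1 if found else 0)
```

Run as root with the custom key names as arguments; a non-zero exit status means at least one of them is in a file readable by non-root users.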