I am not entirely sure. By all means one should not put top secret stuff in metadata (due to other drawbacks there, like access by any process on that instance, potential ip address spoofing with ironic deploys etc.), but I could not find in docs that exact recommendation. Also, what is the purpose of request validation via metadata_proxy_shared_secret which eliminates the X-Forwarder-For issue already?
I am not entirely sure. By all means one should not put top secret stuff in metadata (due to other drawbacks there, like access by any process on that instance, potential ip address spoofing with ironic deploys etc.), but I could not find in docs that exact recommendation. Also, what is the purpose of request validation via metadata_ proxy_shared_ secret which eliminates the X-Forwarder-For issue already?