Current questions:
- is the horizon UI reasonable for our use cases?
Nope! The upstream barbican_ui project doesn't work at all with Horizon/Train. We can retest with eventual future versions.
- how should we actually store the secrets?
- is there any semi-secure way to integrate with puppet?