Add a config option to disable writing keyring to a file

cmd/serf/command/agent/config.go

@@ -82,7 +82,8 @@ type Config struct {
 	EncryptKey string `mapstructure:"encrypt_key"`
 
 	// KeyringFile is the path to a file containing a serialized keyring.
-	// The keyring is used to facilitate encryption.
+	// The keyring is used to facilitate encryption. If left blank, the
+	// keyring will not be persisted to a file.
 	KeyringFile string `mapstructure:"keyring_file"`
 
 	// LogLevel is the level of the logs to output.

serf/internal_query.go

@@ -192,10 +192,12 @@ func (s *serfQueries) handleInstallKey(q *Query) {
 		goto SEND
 	}
 
-	if err := s.serf.writeKeyringFile(); err != nil {
-		response.Message = err.Error()
-		s.logger.Printf("[ERR] serf: Failed to write keyring file: %s", err)
-		goto SEND
+	if s.serf.config.KeyringFile != "" {
+		if err := s.serf.writeKeyringFile(); err != nil {
+			response.Message = err.Error()
+			s.logger.Printf("[ERR] serf: Failed to write keyring file: %s", err)
+			goto SEND
+		}
 	}
 
 	response.Result = true

website/source/docs/agent/options.html.markdown

@@ -80,8 +80,9 @@ The options below are all specified on the command-line.
   than one encryption key until all members have received the new key. The
   keyring file helps persist changes to the encryption keyring, allowing the
   agent to start and rejoin the cluster successfully later on, even if key
-  rotations had been initiated by other members in the cluster. More information
-  on the format of the keyring file can be found below in the examples section.
+  rotations had been initiated by other members in the cluster. If left blank, the
+  keyring will not be persisted to a file. More information on the format of the
+  keyring file can be found below in the examples section.
 
   NOTE: this option is not compatible with the `-encrypt` option.