Hello all.
What's the recommended way to deploy (or re-deploy) security-sensitive
objects (just to say one: private ssh key to avoid client warnings when
redeploying a server)?
TIA
--
Diego Zuccato
DIFA - Dip. di Fisica e Astronomia
Servizi Informatici
Alma Mater Studiorum - Università di Bo
Hello,
I would be very interested if you find any solutions. By design, the FAI config
space has to be somewhere where it is accessible without access control
(anonymous NFS or whatever), and everything within it obviously has to be
readable.
I guess you will need to find other solutions. As f
Hi all,
What's the recommended way to deploy (or re-deploy) security-sensitive
objects (just to say one: private ssh key to avoid client warnings
when redeploying a server)?
One solution that comes to my mind is to generate a local GPG key and
then authorize it for using a pass store
(https:
Hey,
On Tue, 2022-12-13 at 14:47 +0100, Diego Zuccato wrote:
> What's the recommended way to deploy (or re-deploy) security-
> sensitive
> objects (just to say one: private ssh key to avoid client warnings
> when
> redeploying a server)?
For things like ssh host keys I have a command that we ru
Tks.
Too bad I fear it's not applicable to my scenario.
First because the network is public. Second because ssh is just one of
the secrets I have to distribute (others are usually SaltStack key and
Gluster certificate).
I'm thinking that probably this is one of the few cases where a TPM is
actu
