On Monday, February 3, 2014 at 21:59, Curtis Stewart wrote:
Thanks for the response, Arnold, I agree with your comments below about the ‘fleshy’ users.In regard to the other users, like a deploy user with access to a private git repo, do you store those keys in your repository as plain text?CurtisOn Feb 3, 2014, at 3:32 PM, Arnold Krille < < ">mailto: >> wrote:On Mon, 3 Feb 2014 21:06:54 +0000 Curtis Stewart< < ">mailto: >> wrote:I’m currently using the opscode-cookbooks/users cookbook to deploysystem users.The users_manage resource uses data bags to deploy users, and thisdoes allow you to set an ‘ssh_private_key’ attribute, however, Idon’t want to store our private keys as plain text in our repository.My plan is to use ChefVault to deploy users private keys (encrypteddata bags and a template/file resource), after the users have beencreated with the users_manage resource.Does anyone have suggestions for a better method, or best practicefor this case?Why should your users hand their private keys to you as the admin tofeed it into some automated system???The users (the fleshy ones) will give you their public keys to includeon machines so they don't need passwords when ssh-ing.The private keys you store in chef is for automated things likedeployments getting source-code from a ssh-accessible git. Or forjenkins-server logging into machines (but even that I did do with ajenkins-cookbook creating the public/private keys and storing just thepublic keys in chef).- Arnold
Archive powered by MHonArc 2.6.16.