Automate Wireguard Key Generation #19
Depends on
#24 Configs/Secrets Bootstrapping & Management
python-support/python-support-infra
Reference: python-support/python-support-infra#19
Currently, we must prepare the `password-store` with pre-generated Wireguard keys pseudo-like this:

Save each in `password-store` under `<host>_<private|public>_key`.

Then, generate a "Pre-Shared Key" for each Peer-Peer:

This is obviously something that should be scripted; ideally in a dedicated Ansible playbook. One key is generated per host, as well as one key per possible host interaction (it's a PK problem, yay!). That's a lot of typing.
The trouble is, the secret store is also involved, and must be written to thoroughly. Doing this properly, in a way that doesn't rely on a single developer's secret store, requires #18 to be implemented.
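
One way the manual procedure above could be scripted, as an added example that is not part of the original issue or the project's code. It assumes `password-store` refers to the `pass` CLI and that `wg` is installed; the `<hostA>_<hostB>_psk` entry name is hypothetical, since the issue only names `<host>_<private|public>_key`.

```shell
#!/bin/sh
# Added example (not the project's code). Assumes `password-store` is pass(1)
# and host names contain no whitespace. The <a>_<b>_psk name is hypothetical.
set -eu

# De-duplicate and sort host names so every run sees the same order.
uniq_hosts() { printf '%s\n' "$@" | LC_ALL=C sort -u; }

# Print each unordered host pair exactly once: n hosts give n*(n-1)/2 pairs.
peer_pairs() {
    uniq_hosts "$@" | awk '
        { h[NR] = $0 }
        END { for (i = 1; i < NR; i++) for (j = i + 1; j <= NR; j++) print h[i], h[j] }'
}

# List every entry the mesh needs: two per host, one per pair.
secret_names() (
    for h in $(uniq_hosts "$@"); do
        printf '%s_private_key\n%s_public_key\n' "$h" "$h"
    done
    peer_pairs "$@" | while read -r a b; do printf '%s_%s_psk\n' "$a" "$b"; done
)

# Generate missing keys and store them. Secrets are piped between commands,
# not written to temporary files. A host with a stored private key, or a
# pair with a stored PSK, is skipped.
generate_all() (
    umask 077
    for h in $(uniq_hosts "$@"); do
        if pass show "${h}_private_key" >/dev/null 2>&1; then
            echo "skip ${h}: private key already stored" >&2
            continue
        fi
        priv=$(wg genkey)
        printf '%s\n' "$priv" | pass insert -m "${h}_private_key" >/dev/null
        printf '%s\n' "$priv" | wg pubkey | pass insert -m "${h}_public_key" >/dev/null
    done
    peer_pairs "$@" | while read -r a b; do
        pass show "${a}_${b}_psk" </dev/null >/dev/null 2>&1 && continue
        wg genpsk | pass insert -m "${a}_${b}_psk" >/dev/null
    done
)

# Run only when host names are given, e.g.: sh wg-keys.sh alpha beta gamma
if [ "$#" -gt 0 ]; then generate_all "$@"; fi
```

Running `secret_names` with the host list first shows which entries a run would create without touching the store.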