python-support/python-support-infra
1
0
Fork 0
Code Issues 25 Pull requests Projects 2 Releases Wiki Activity

Use Generated SSH Key Stored in password-store #26

New issue
Open
opened 2023-08-21 14:51:13 +02:00 by so-rose · 0 comments
so-rose commented 2023-08-21 14:51:13 +02:00
Owner
Copy link

We currently use the system SSH client + key. This isn't ideal - it greatly complicates use from within containers (ex. for CI or Windows users), and ties the security of the system directly to the individual developer.

We can use a pre-generated ssh keypair, stored in password-store, instead. This can then be access-controlled using the usual password-store mechanisms.

Ideally #24 would be implemented first, so generating (and expiring!) this secret can be done in a reproducible way.

We currently use the system SSH client + key. This isn't ideal - it greatly complicates use from within containers (ex. for CI or Windows users), and ties the security of the system directly to the individual developer. We can use a pre-generated ssh keypair, stored in `password-store`, instead. This can then be access-controlled using the usual `password-store` mechanisms. Ideally #24 would be implemented first, so generating (and expiring!) this secret can be done in a reproducible way.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
v0.1.0
Labels
Clear labels   
availability

Something that can increase the uptime of services in a particular situation.

  
bug

Something is not working, or not working right.

  
deployment-usability

Related to the usability of the deployment method itself.

  
duplicate

This issue or pull request already exists

  
enhancement

Proposed enhancement or feature.

  
help-wanted

Issue that needs help in order to be understood or tackled.

  
question

More information is needed

  
security

Related to the security or privacy of the system.

  
stack-auth

Related to the auth stack.

  
stack-chat

Related to the chat stack.

  
stack-cleanup

Related to the cleanup stack.

  
stack-git

Related to the git stack.

  
stack-mesh

Related to the mesh stack.

  
stack-site-support

Related to the site-support stack.

  
wontfix

This won't be fixed, either by design, or due to other issues.

No labels
availability
bug
deployment-usability
duplicate
enhancement
help-wanted
question
security
stack-auth
stack-chat
stack-cleanup
stack-git
stack-mesh
stack-site-support
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Refactor and Cleanup
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: python-support/python-support-infra#26
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?