git - Ansible SSH private key in source control?


I have been developing an Ansible playbook for a couple of weeks, so my experience with this technology is relatively short. Part of the strategy includes using a custom ansible_ssh_user for provisioning hosts throughout the inventory; however, such a user needs its own SSH key pair, which involves some sort of plan for holding/storing the corresponding private key. On the production environment, the playbook is cloned/pulled and run inside a playbook node whose role is to provision the rest of the infrastructure.

At first I was thinking of putting the private key inside the playbook's git repository, but I am having second thoughts nonetheless, because of the obvious security reasons and common sense around it, hence the reason I need to consult on the matter.

With that set on the table, here are the follow-up questions:

  • In an Ansible-based development environment, is it sane/reasonable to hold the private SSH key in source control?
  • Would that practice be advised only for development environments, whereas a local git branch inside the playbook node would be used to hold the actual production SSH private key?
  • Would it be better to address this scenario via ansible-vault instead? I have not ever used it before, so regardless I cannot yet tell whether this is a proper case for using it.
  • In your experience, how is this approached in a production environment? What is considered best practice in this particular scenario?

It's a bad idea to store any kind of plaintext secret in revision control, SSH private keys included. Instead, use ansible-vault to store the private key.

ansible-vault can operate on any file type. Encrypt the file:

    ansible-vault encrypt /path/to/local/private_key

Then install the key:

    - name: install private ssh key
      hosts: all   # the play needs a target; "all" is assumed here, the original omitted it
      vars:
        source_key: /path/to/local/private_key
        dest_key: /path/to/remote/private_key
      tasks:
      - name: ensure .ssh directory exists.
        file:
          dest: "{{ dest_key | dirname }}"
          mode: 0700
          owner: user
          state: directory
      - name: install ssh key
        copy:
          src: "{{ source_key }}"   # copy decrypts a vault-encrypted src file on the fly
          dest: "{{ dest_key }}"
          mode: 0600
          owner: user

Earlier versions of ansible-vault could only operate on variables defined in var files, so you would have had this:

    ssh_key: |
      -----BEGIN RSA PRIVATE KEY-----
      ...
      -----END RSA PRIVATE KEY-----
    key_file: /home/user/.ssh/id_rsa

Encrypt it with ansible-vault:

    ansible-vault encrypt /path/to/var_file

And install the key:

    - name: ensure .ssh directory exists.
      file:
        dest: "{{ key_file | dirname }}"
        mode: 0700
        owner: user
        state: directory
    - name: install ssh key
      copy:
        content: "{{ ssh_key }}"
        dest: "{{ key_file }}"
        mode: 0600
        owner: user

Thanks to the comments below for the improved answer.
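The answer's rule (never a plaintext private key in the repository, only a vault-encrypted one) is easy to enforce mechanically. The following scanner is an added example, not code from the question, the answer or the Ansible project: it walks a checkout, passes over files that carry the header ansible-vault writes ($ANSIBLE_VAULT;) and flags any file that still contains PEM or OpenSSH private key armour. The sample checkout it builds in a temporary directory is constructed here, with made-up key and vault contents, so it runs offline.

```python
import os
import re
import tempfile

# Markers we can rely on: PEM/OpenSSH private key armour, and the header
# that ansible-vault writes at the top of every file it encrypts.
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")
VAULT_HEADER = "$ANSIBLE_VAULT;"


def classify(text):
    """Classify file content: 'vault' (encrypted by ansible-vault),
    'plaintext-key' (unencrypted private key material), or 'clean'."""
    if text.startswith(VAULT_HEADER):
        return "vault"
    if PRIVATE_KEY_RE.search(text):
        return "plaintext-key"
    return "clean"


def scan_tree(root):
    """Walk a checkout and return repo-relative paths of files that contain
    an unencrypted private key. Vault-encrypted files are passed over."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git internals
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    head = fh.read(64 * 1024)  # key armour sits near the top
            except OSError:
                continue
            if classify(head) == "plaintext-key":
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append(rel)
    return sorted(findings)


# Constructed sample checkout: not real keys and not real vault output.
SAMPLE_FILES = {
    "playbook.yml": "- hosts: all\n  tasks: []\n",
    "files/id_rsa.pub": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA/constructed user@host\n",
    "files/id_rsa": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "b3BlbnNzaC1rZXktdjEAAAAA-constructed-not-a-real-key\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
    "group_vars/all/vault.yml": (
        "$ANSIBLE_VAULT;1.1;AES256\n"
        "3030303030303030303030303030303030303030303030303030303030303030\n"
    ),
}


def scan_sample_tree():
    """Materialise SAMPLE_FILES in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_FILES.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(content)
        return scan_tree(root)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    hits = scan_tree(target) if target else scan_sample_tree()
    for hit in hits:
        print("unencrypted private key:", hit)
    sys.exit(1 if hits else 0)
```

Run it with a path to a checkout as a git pre-commit hook and the non-zero exit status blocks the commit; with no argument it scans the constructed sample and reports only files/id_rsa, since the public key and the vault-encrypted var file are not findings. Note that a passphrase-protected PEM key (BEGIN ENCRYPTED PRIVATE KEY) is still flagged on purpose, and an inline `!vault |` variable inside an otherwise plaintext var file reads as clean because its payload carries no key armour.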

