Open aidansteele opened 6 years ago
Question: Should the `lkp host` command assume that the instance's keypair is the CA pubkey, or should it only use the pubkey returned by the Lambda?
If it uses the one from the Lambda then that would make rotations easier, as you could... potentially... schedule the host signing periodically?
I like your thinking
When instances do an `lkp host` setup, it could install both the "active" CA pubkey and an "inactive" one (or more) ready for rotation when the time comes.