saltstack-formulas / users-formula

Configure users via pillar
http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html

Support "salt://path_to_keyname" ssh_key definition in users:"user name":ssh_keys:"privkey|pubkey" pillar data #168

Closed konstest closed 6 years ago

konstest commented 6 years ago

Hi, I don't want to show the private part of the SSH key in pillar data. I offer this feature.

Pillar example:

```yaml
users:
  user_name:
    ssh_keys:
      privkey: salt://path_to_PRIVATEKEY
      pubkey: salt://path_to_PUBLICKEY
```

EvaSDK commented 6 years ago

As far as I remember, using the Salt file server to store secrets is a bad idea because any minion could request files from it without restrictions, which is why you would put secrets in pillars. Since you want to store them another way, maybe you want to use sdb instead?

noelmcloughlin commented 6 years ago

Hi @konstest, please look at sdb as suggested, and raise a new PR if practical.
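
One way the sdb suggestion in this thread could look, as an added example that is not code from the formula or from any commenter. It assumes a hypothetical sdb profile named `myvault` using the `vault` driver, defined in the master configuration, and constructed secret paths; the last path component is the key to return.

```yaml
# --- /etc/salt/master.d/sdb.conf ---
# sdb profile; the name "myvault" is hypothetical.
# Assumes the master's Vault connection settings are already configured.
myvault:
  driver: vault

# --- pillar/users.sls ---
# Assumption: sdb.get is called while the pillar is rendered, so the key
# text is not written into the pillar source file and is never placed on
# the salt:// file server. The rendered value still reaches only the
# minions this pillar is targeted at in the pillar top file.
# The sdb:// paths below are constructed for illustration.
users:
  user_name:
    ssh_keys:
      # Block scalar: indent(8) re-indents every line after the first so
      # the multi-line private key stays inside the YAML value.
      privkey: |
        {{ salt['sdb.get']('sdb://myvault/secret/ssh/user_name/privkey') | indent(8) }}
      pubkey: {{ salt['sdb.get']('sdb://myvault/secret/ssh/user_name/pubkey') }}
```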