semaphoreui / semaphore

Modern UI for Ansible, Terraform, OpenTofu, Bash, Pulumi.
https://semaphoreui.com
MIT License

[Feature request] Support for ssh_agent / PKCS11 (hardware tokens , HSM) #1642

Open stafwag opened 9 months ago

stafwag commented 9 months ago

Hi,

I like semaphore, but one of the missing features is the integration with hardware security tokens. I looked at the documentation and I don't see a way to implement this with semaphore. If it's supported, it's also fine to redirect me to the documentation.

With an HSM or smartcard, the private key can remain on the hardware token using the PKCS11 library. Normally this is implemented by adding the following line to the ssh config:

PKCS11Provider <path_to>/opensc-pkcs11.so

And using an ssh-agent (ssh-add) to connect to the systems without a passphrase.

Having support for an ssh-agent / PKCS11 would help to get semaphore implemented in environments with higher security requirements.
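The setup described in this comment (PKCS11Provider in the ssh config plus an ssh-agent that holds the token's keys), written out as a small POSIX shell script. This is an added example, not code from the issue or from the Semaphore project; the provider path /usr/lib/opensc-pkcs11.so, the agent socket path and the per-project ssh_config / ansible.cfg file names are assumptions. It also adds the check a practitioner wants before pointing ssh at a provider: the .so is loaded into every ssh and ssh-agent process, so it must not be writable by anyone else.

```shell
#!/bin/sh
# Added example, not code from the issue or from the Semaphore project.
# It prepares an ssh_config fragment that makes OpenSSH load private keys
# from a PKCS#11 token and reuse an existing ssh-agent, and it checks the
# provider library before anything dlopen()s it. The library path and
# socket path are assumptions; change them for your system.

# A PKCS#11 provider is a shared object that ssh and ssh-agent load into
# their own process, so a library that someone else can modify is code
# execution inside every SSH session. Reject anything that is missing,
# not a regular file, owned by a third party, or writable by group/others.
check_pkcs11_provider() {
    lib="$1"
    [ -f "$lib" ] || { echo "provider missing or not a regular file: $lib" >&2; return 1; }
    owner=$(stat -c '%u' "$lib" 2>/dev/null || stat -f '%u' "$lib")
    if [ "$owner" != "0" ] && [ "$owner" != "$(id -u)" ]; then
        echo "provider owned by uid $owner, expected root or $(id -u): $lib" >&2
        return 1
    fi
    # ls mode string: type, then rwx for user (2-4), group (5-7), other (8-10)
    mode=$(ls -ld "$lib" | cut -c1-10)
    case "$mode" in
        ?????w*|????????w*)
            echo "provider is group- or world-writable ($mode): $lib" >&2
            return 1 ;;
    esac
    return 0
}

# Write a per-project ssh_config fragment. PKCS11Provider tells ssh to offer
# the token's keys; IdentityAgent points at the agent that already holds
# them, so the private key never leaves the hardware.
write_ssh_config() {
    out="$1"; lib="$2"; sock="$3"
    cat > "$out" <<EOF
# generated: keys live on the PKCS#11 token, never on disk
Host *
    PKCS11Provider $lib
    IdentityAgent $sock
EOF
}

# Matching ansible.cfg fragment: make every Ansible SSH connection use
# that ssh_config instead of the default per-user one.
write_ansible_cfg() {
    out="$1"; ssh_cfg="$2"
    cat > "$out" <<EOF
[ssh_connection]
ssh_args = -F $ssh_cfg
EOF
}

# Interactive part, only run when PKCS11_DEMO=1 so the functions above can
# be sourced and tested without a token present.
if [ "${PKCS11_DEMO:-}" = "1" ]; then
    LIB=${PKCS11_LIB:-/usr/lib/opensc-pkcs11.so}   # assumed OpenSC path
    check_pkcs11_provider "$LIB" || exit 1
    # Start an agent that only accepts this provider path (-P), load the
    # token's keys into it (ssh-add -s prompts for the PIN), then list them.
    eval "$(ssh-agent -s -P "$LIB")"
    ssh-add -s "$LIB"
    ssh-add -L
    write_ssh_config ./ssh_config "$LIB" "$SSH_AUTH_SOCK"
    write_ansible_cfg ./ansible.cfg "$PWD/ssh_config"
    echo "run ansible-playbook from this directory with SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
fi
```

Run with `PKCS11_DEMO=1 sh pkcs11-agent.sh` on a host with the token plugged in. The point of routing everything through the agent socket is that a process such as a playbook runner only ever needs SSH_AUTH_SOCK; it never sees key material, which is exactly what makes the hardware-token setup useful for a tool like semaphore.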

stafwag commented 4 months ago

In the discussion:

https://github.com/semaphoreui/semaphore/discussions/1942 "Security private keys", it is mentioned that semaphore uses an internal ssh-agent to connect to semaphore's internal keystore.

To integrate with existing hardware tokens/HSMs or vaults, it would be nice if it were possible to use an external ssh-agent/config for the ansible playbook execution or git checkout.

This would allow using hardware tokens (smartcards, HSM, gpg, integration with other vaults) for the authentication.