shieldproject / shield-boshrelease

BOSH Release for shield
MIT License

Switch to type: ssh for shield-agent-key variable #109

Closed rkoster closed 6 years ago

rkoster commented 6 years ago

https://github.com/starkandwayne/shield-boshrelease/blob/master/manifests/shield.yml#L43-L44

By switching from rsa to ssh we can get the proper format for the public_key. This would allow us to no longer supply private keys to the agent (currently the public_key is calculated during startup).

bosh int <(bosh int <(echo -e "foo: ((foo))\nvariables:\n- name: foo\n  type: ssh") --vars-store=/dev/null) --path /foo/public_key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDG+KD6nt10/hK+byUtJyX0HPbLbXtsf0CjrWSCP+HIm/aCvFzpOyefYoivg1TIpVcAyHUx5bfVavlaVUCYaQOMIH6gmG9oModKly4wOEe572ewE0GbJyCT6L+aSo1nOI6+1jNnKchsT/WLNqwA0s+6NrJXwOyqKmz+JMCWodjKzh3eLbM6xK8KH9q3ouzfjsBqpO1fCbkE3Lptoz7iiPfjA8T//VrdMZ/gH58TerQEDD2E7aksXWFkL96IQMRIy/KHcWDFbypZufmifPtHzbu6DAMa/8hZeDOg1jRNPHqLu4r+F6saSK7cMWG9xqkTp+1ZktKg3lQiymWn7TApgzv9

jhunt commented 6 years ago

This only helps people who are using credhub, no?

rkoster commented 6 years ago

The above example only uses the bosh cli with --vars-store, so no credhub is used. Would this conflict with genesis?

jhunt commented 6 years ago

Oh, now I see. You want to change the property to store the public key, not the private key?

The only concern I have is that that requires people not using BOSH variables (yes, they do exist, no they don't all want to upgrade) to run the ssh-keygen -yf themselves.

As long as we document that, I don't see a problem; we should probably change the name of the property and just deprecate use of the agent.key with a raised warning or something.
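The two points raised above, the public_key format a type: ssh variable produces and the ssh-keygen -yf step that operators without BOSH variables would have to run by hand, as an added shell example that is not part of this issue or of the shield-boshrelease project. It assumes a POSIX sh with OpenSSH's ssh-keygen on the PATH; the function names derive_public_key and is_openssh_public_key are hypothetical, and the throwaway key in the demo is generated on the spot rather than taken from any deployment.

```shell
#!/bin/sh
# Added example (not project code): derive the OpenSSH-format public key from
# an existing private key, as an operator who is not using BOSH variables
# would, and sanity-check the value before it goes into a manifest.

# derive_public_key PRIVATE_KEY_FILE
# Prints "<type> <base64>", the same two fields that
#   bosh int ... --path /foo/public_key
# prints for a variable of type: ssh. ssh-keygen -y only reads the private
# key file; nothing is written and the private key never leaves the host.
derive_public_key() {
    ssh-keygen -y -f "$1" | cut -d' ' -f1,2
}

# is_openssh_public_key STRING
# Returns 0 when STRING looks like an OpenSSH public key line, 1 otherwise.
# A PEM private key is rejected explicitly so that a mis-pasted private key
# is caught before it ends up in a deployment manifest as the "public" key.
is_openssh_public_key() {
    case "$1" in
        *"PRIVATE KEY"*) return 1 ;;
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|"ecdsa-sha2-"*" AAAA"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo (only when ssh-keygen is installed): generate a throwaway key and
# confirm the derived public key matches the .pub file ssh-keygen wrote.
if command -v ssh-keygen >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    ssh-keygen -q -t rsa -b 2048 -N '' -f "$tmp/demo_key" </dev/null
    derived=$(derive_public_key "$tmp/demo_key")
    if is_openssh_public_key "$derived"; then
        echo "ok: $derived"
    fi
    rm -rf "$tmp"
fi
```

The format check is deliberately a string-shape test, not a cryptographic one: its job is to stop the common operational mistake (handing the agent a private key under a property that is now meant to carry a public key), which is exactly the case the deprecation warning discussed above would also flag.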

jhunt commented 6 years ago

I'll try to take a look at implementing this later today or tomorrow.