In an IAC world, it is likely that terraform, system users with public/private key credential are set up and the private key is placed in a named, say, an Azure KeyVault (as a secret), as AWS Secret Manager or similar.
On the assumption that one has access to the secret store, it would be good to be able to supply as pat of the connection add the name/type of the (supported) secret store, and secret name, and have the cli pull that secret systematically at runtime.
Context
It is not best security practice to keep the private keys as files on the file system.
It also does not allow a solution that easily scales across multiple developers. Once the key is in the key store, they can be accessed on demand.
Note: we need to use KeyVault Secrets as there is no way to retrieve the private key, from a Key Vault Key resource. It is assumed the same issue exist with other Key Stores.
sfc-gh-turbaszek
commented
2 months ago
Description
In an IAC world, it is likely that terraform, system users with public/private key credential are set up and the private key is placed in a named, say, an Azure KeyVault (as a secret), as AWS Secret Manager or similar.
On the assumption that one has access to the secret store, it would be good to be able to supply as pat of the
connection addthe name/type of the (supported) secret store, and secret name, and have the cli pull that secret systematically at runtime.Context
Note: we need to use KeyVault Secrets as there is no way to retrieve the private key, from a Key Vault Key resource. It is assumed the same issue exist with other Key Stores.