Key management with puppet-vcsrepo

I am configuring the server configuration in my company, and we have some internal repositories that run through ssh through bzr, which I need to get. I wanted to use puppet-vcsrepo to pull them out, and I saw that it has a way to use the key file to get what we want. What is the best way to do this?

I'm probably going to make a user account for each of us, but do I need to put my private key in Puppet as a file, and then transfer it? How do I manage keys inside Puppet so that I can check out ssh repositories without using a username and password?

Here is a link to the information: https://github.com/puppetlabs/puppetlabs-vcsrepo/blob/master/README.BZR.markdown

It says that it manages the keys with Puppet, but I could not find exactly what I needed to know in order to properly manage the keys.

+8
git bazaar puppet private-key
1 answer

Don't know much about BZR ... will answer as if it were a git/github question

  • If you use github, use deploy keys (readonly access, easily revokable access), not the developer key.
  • Can you manage the keys by copying them to ~/.ssh and setting up ssh to use them?

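    file { '/user/home/.ssh/id_rsa-github-mycompany':
      # ... access rights ...
    }

    vcsrepo { '/path/to/repo':
      # ...
      # require the key file resource declared above, so the key is in place before the checkout
      require => File['/user/home/.ssh/id_rsa-github-mycompany'],
    }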

You may also need to tweak .ssh/config to use this authentication file and change the git repository host name

    Host github-mycompany-project
        HostName github.com
        User git
        PreferredAuthentications publickey
        IdentityFile ~/.ssh/id_rsa-github-mycompany
        IdentitiesOnly yes

Another option uses exec and git_ssh_wrapper instead of vcsrepo?

+1
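
The approach from the answer above, written out as a full manifest. This is an added example, not code from the answer or from the puppetlabs-vcsrepo project; the `deploy` user, the `mycompany_keys` module, the paths and the repository URL are assumptions, and the user account is assumed to be managed elsewhere.

```puppet
# Added example: deploy key + ssh host alias + vcsrepo checkout.
# User, paths, module name and repository URL are hypothetical.
$deploy_user = 'deploy'
$ssh_dir     = "/home/${deploy_user}/.ssh"
$key_file    = "${ssh_dir}/id_rsa-github-mycompany"

file { $ssh_dir:
  ensure => directory,
  owner  => $deploy_user,
  group  => $deploy_user,
  mode   => '0700',
}

# Read-only deploy key for this one repository, not a developer's personal key.
file { $key_file:
  ensure    => file,
  owner     => $deploy_user,
  group     => $deploy_user,
  mode      => '0600',   # ssh ignores private keys that other users can read
  source    => 'puppet:///modules/mycompany_keys/id_rsa-github-mycompany',
  show_diff => false,    # keep key material out of agent logs and reports
}

# Host alias that pins the checkout to the deploy key only.
file { "${ssh_dir}/config":
  ensure  => file,
  owner   => $deploy_user,
  group   => $deploy_user,
  mode    => '0600',
  content => @("SSHCONFIG"),
    Host github-mycompany-project
      HostName github.com
      User git
      PreferredAuthentications publickey
      IdentityFile ${key_file}
      IdentitiesOnly yes
    | SSHCONFIG
}

vcsrepo { '/path/to/repo':
  ensure   => present,
  provider => git,
  source   => 'git@github-mycompany-project:mycompany/project.git',
  user     => $deploy_user,   # run git as the account that owns the key
  require  => File[$key_file, "${ssh_dir}/config"],
}
```

The server's host key also has to be in the deploy user's known_hosts before the first run, otherwise the non-interactive clone fails on the host key prompt.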