Ansible: can I use the ssh key encrypted in the repository?

We have a custom server setup with our indispensable code stored in git repositories. All currently configured servers use the SSH key from our management server for access. However, I would like to include the key in alternative git repositories (encrypted in the repository). I would like to do it like:

1) If our irreplaceable server had ever been hacked / had a fatal hard disk crash / some other failure, we would not have to generate a new ssh key and copy it to each irreplaceable server before we could run the tasks again

2) It looks like it should be in the repositories, as this is part of the setup / configuration for accessing the servers

3) We have other data stored in the repository, and having to enter one password for the repository and another for the SSH passphrase is a pain

We looked at the encoding of the user task to do this by creating a temporary file on disk, but it looks like it should be inline. I also like how the built-in decryption only keeps files in RAM. Another problem was that we could not find a method that would be guaranteed to be executed in the event of a failure, and so clean up the temporary file we created (it seems to provide a block in programming).

Is there a safe way to use the vaulted SSH key? Or, if there is not, should we just ask for the SSH passphrase in advance?

+4
1 answer

, . - , . , .

SSH , ssh-agent, . startup script , .

( ). .

+2

Source: https://habr.com/ru/post/1625741/

