Questions tagged [key-management]

6 questions
8 votes, 3 answers

Running unmanaged Hardware Security Modules (HSMs) in the Cloud

I have to admit to never having asked, or been asked, the question if it is possible to have a Hardware Security Module in a public cloud, by which I mean Google, Amazon or Azure. Has anyone found any techniques for enabling organizations to use…
Richard Slater

5 votes, 1 answer

docker compose & azure key vault - passing secrets to a container on startup

I am using docker-compose to create 5 containers that run my application. Two containers need credentials retrieved from Azure Key Vault (web.config passwords to access 3rd party service). As I am committing this to a public repo I do not want to…
Chris McKelt

3 votes, 1 answer

How do I automate population of known_hosts and authorized_keys?

This is a question that may be easier answered on askubuntu or, perhaps, serverfault, but it arises in the context of automated provisioning, so I figured that it's more appropriate here. I am spinning up a multi-machine environment in vagrant, e.g.…
LLlAMnYP

2 votes, 2 answers

How to SSH from Jenkins node to Jenkins node safely?

We have a Jenkins Job that builds something on node A and then needs to SCP it to node B. You can just put the SSH keys for node B on Node A, and SCP with an execute shell build step, however I suspect that keeping SSH keys on a Jenkins node is a…
Uberhumus

1 vote, 2 answers

Is there a way to exclusively manage multiple ssh keys with differing per-key options using ansible?

Ansible provides an ansible.builtin.authorized_key module which provides a lot of functionality: You can set exclusive: true to delete all other keys. You can set key_options: .... You can list multiple keys in key by separating them with new…
Helmut Grohne

0 votes, 0 answers

Secrets Managers and 12Factor app

I'm pretty new to all this so I am trying to get my bearings a bit. The 12Factor app states that all config should be done by environment variables - this includes secrets. I've seen various back and forths about if it is safe to store secrets in…