Ansible - private git repositories - SSH agent forwarding vs copying private SSH key
Problem
I recently started playing around with Ansible and it seems very nice. I don't have much experience in DevOps stuff and never really had to handle any complex scenarios. I started creating my Ansible playbook to replace my current deployment tool - Deployer PHP. Unfortunately, I'm stuck at cloning the git repository. Now, I know I need a public key added to enable access to the git repository, and here comes my question.
Should I be using SSH agent forwarding (this way I can use my local SSH keys) or should I store a private SSH key (encrypted, added to source control) within my Ansible project and copy it using Ansible to my target node? I know the question may be very broad, so what interests me is the security implications of both approaches.
Solution
You can also consider encrypting the file containing your private SSH key using Ansible Vault.
Some links:
http://docs.ansible.com/ansible/latest/playbooks_vault.html
https://therealmarv.com/ansible-vault-file-handling/
https://www.calazan.com/how-to-deploy-encrypted-copies-of-your-ssl-keys-and-other-files-with-ansible-and-openssl/
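The vault approach suggested above, written out as a playbook (an added example, not part of the original answer): the key is stored vault-encrypted in the project, placed on the target only for the duration of the clone, and removed afterwards. The host group, the `deploy` user with an existing `~/.ssh` directory, the repository URL, the branch and all paths are assumptions.

```yaml
# Added example; every name, path and URL below is a placeholder.
# Encrypt the key once on the control machine:
#   ansible-vault encrypt files/deploy_key
# Run with:
#   ansible-playbook deploy.yml --ask-vault-pass
- hosts: app_servers                               # hypothetical inventory group
  become: true
  vars:
    repo_url: "git@git.example.com:acme/app.git"   # placeholder repository
    key_path: "/home/deploy/.ssh/deploy_key"       # hypothetical path on the target
  tasks:
    - name: Clone with a vault-encrypted deploy key, then remove the key
      block:
        - name: Install the deploy key (copy decrypts vault-encrypted src files)
          ansible.builtin.copy:
            src: files/deploy_key                  # stored encrypted in source control
            dest: "{{ key_path }}"
            owner: deploy
            group: deploy
            mode: "0600"                           # ssh refuses keys readable by others
          no_log: true                             # keep key material out of task output

        - name: Clone the repository using only that key
          ansible.builtin.git:
            repo: "{{ repo_url }}"
            dest: /var/www/app                     # assumed writable by deploy
            version: main                          # assumed branch name
            key_file: "{{ key_path }}"
            # Trust-on-first-use; pin the git server's host key in
            # known_hosts beforehand where possible.
            accept_hostkey: true
          become_user: deploy

      always:
        - name: Remove the key from the target, even if the clone failed
          ansible.builtin.file:
            path: "{{ key_path }}"
            state: absent
```

Using a repository-specific, read-only deploy key here limits what a compromised target can reach: only that one repository, and only for reading.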
Context
StackExchange DevOps Q#2030, answer score: 4