On Tuesday, April 8, 2014 11:33:14 AM UTC+3, Dag Wieers wrote:
>
> On Mon, 7 Apr 2014, anatoly techtonik wrote:
>
> > Is it technically possible to encrypt some sensitive data using available
> > SSH public key, so that only the owner of private key could read them with
> > the help of SSH agent?
> >
> > Why?
> > 1. No need to remember one more password.
> > 2. No need to send the password to a person who needs to read the file.
> > 3. No need to run one more agent.
>
> That is an interesting idea :) It would mean as a team you would need to
> add a specific (team) key to your agent (and ensure this key is
> sufficiently protected) in order to execute the playbook.
>
> So some way to test if the key is loaded before starting the playbook (or
> as part of the playbook) would be useful.
>

The initial idea was to have the same data encrypted by multiple keys, so that anyone from the team can open it, and you don't need to give everybody some team key or team password - just add all public keys to the chain. Of course this is possible only when the basic problem of reusing the SSH agent for decryption can be solved.
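
The multi-key scheme described in the message above, sketched as an added example that is not part of the original thread or of Ansible: one random file key encrypts the data, and that key is wrapped once per team member's RSA public key. The function names `seal` and `unseal` and the output layout are hypothetical, the keys are assumed to be RSA in PEM form, and decryption reads the private key file directly rather than going through the SSH agent, which is the part the message leaves open.

```shell
#!/bin/sh
# Envelope encryption to several RSA recipients with the openssl CLI.
# An SSH RSA public key can be converted to the PEM form used here with:
#   ssh-keygen -e -m PKCS8 -f id_rsa.pub > id_rsa.pub.pem
# Note: "openssl enc" offers no authenticated mode, so data.enc is
# confidential but not tamper-evident; sign it separately if needed.

# seal INFILE OUTDIR PUB1.pem [PUB2.pem ...]
seal() {
    in=$1; out=$2; shift 2
    mkdir -p "$out" || return 1
    keyfile=$(mktemp) || return 1          # mktemp creates it mode 0600
    # Per-file secret: 32 random bytes, hex-encoded on one line.
    openssl rand -hex 32 > "$keyfile" || { rm -f "$keyfile"; return 1; }
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$keyfile" \
        -in "$in" -out "$out/data.enc" || { rm -f "$keyfile"; return 1; }
    n=0
    for pub in "$@"; do
        n=$((n + 1))
        # Wrap the same secret once per recipient (RSA-OAEP).
        openssl pkeyutl -encrypt -pubin -inkey "$pub" \
            -pkeyopt rsa_padding_mode:oaep \
            -in "$keyfile" -out "$out/key.$n.wrapped" \
            || { rm -f "$keyfile"; return 1; }
    done
    rm -f "$keyfile"
}

# unseal OUTDIR PRIV.pem   (plaintext goes to stdout)
unseal() {
    dir=$1; priv=$2
    keyfile=$(mktemp) || return 1
    # Try each wrapped copy; OAEP unwrapping fails for keys that are not ours.
    for w in "$dir"/key.*.wrapped; do
        if openssl pkeyutl -decrypt -inkey "$priv" \
               -pkeyopt rsa_padding_mode:oaep \
               -in "$w" -out "$keyfile" 2>/dev/null; then
            if openssl enc -d -aes-256-cbc -pbkdf2 \
                   -pass "file:$keyfile" -in "$dir/data.enc"; then
                rm -f "$keyfile"; return 0
            fi
        fi
    done
    rm -f "$keyfile"
    return 1                               # no wrapped key matched
}
```

Adding a team member means wrapping the file key for one more public key; removing one requires re-sealing with a fresh file key, since the old one was already known to them.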
