It's been suggested that vault be taught to use GPG keys in addition to passwords, which is something I'm open to.
No pull requests have been submitted just yet - unless I'm misremembering. Not against the option, by any means. (Using SSH keys feels a little weird?)

On Tue, Apr 8, 2014 at 3:21 PM, Maciej Delmanowski <[email protected]> wrote:

> You can encrypt data using GPG keys for multiple recipients - each
> recipient can access the data using his/her GPG key. GPG keys can also be
> used to authorize SSH access via Monkeysphere Project. -
> http://web.monkeysphere.info/.
>
> 2014-04-08 21:19 GMT+02:00 anatoly techtonik <[email protected]>:
>
>> On Tuesday, April 8, 2014 11:33:14 AM UTC+3, Dag Wieers wrote:
>>>
>>> On Mon, 7 Apr 2014, anatoly techtonik wrote:
>>>
>>> > Is it technically possible to encrypt some sensitive data using available
>>> > SSH public key, so that only the owner of private key could read them with
>>> > the help of SSH agent?
>>> >
>>> > Why?
>>> > 1. No need to remember one more password.
>>> > 2. No need to send the password to a person who needs to read the file.
>>> > 3. No need to run one more agent.
>>>
>>> That is an interesting idea :) It would mean as a team you would need to
>>> add a specific (team) key to your agent (and ensure this key is
>>> sufficiently protected) in order to execute the playbook.
>>>
>>> So some way to test if the key is loaded before starting the playbook (or
>>> as part of the playbook) would be useful.
>>
>> The initial idea was to have the same data encrypted by multiple keys, so
>> that any from the team can open it, and you don't need to give everybody
>> some team key or team password - just add all public keys to the chain.
>>
>> Of course this is possible only when the basic problem of reusing SSH
>> agent for decryption can be solved.
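The multi-recipient GPG encryption mentioned in the quoted reply, as an added example that is not part of the original thread or of Ansible's code: each member keeps a private key, the sender holds only public keys, and one ciphertext opens for every listed recipient. The identities, file names and helper functions are constructed for illustration, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example: one ciphertext readable by several team members, no shared
# password. Identities (alice, bob, @example.test) and paths are constructed.
# Assumes GnuPG 2.1 or later on PATH.
set -eu

WORK=$(mktemp -d)
cleanup() {
  for h in "$WORK"/*; do
    gpgconf --homedir "$h" --kill all 2>/dev/null || true
  done
  rm -rf "$WORK"
}
trap cleanup EXIT

# g <name> <gpg args...>: run gpg against that person's isolated keyring.
g() {
  home="$WORK/$1"; shift
  mkdir -p "$home"; chmod 700 "$home"
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
      --passphrase '' "$@"
}

# A member creates a key pair and gives only the public half to the sender.
new_member() {
  g "$1" --quick-generate-key "$1@example.test" default default never
  g "$1" --armor --export "$1@example.test" | g sender --import
}

# Encrypt stdin once, adding one --recipient per listed member.
# --trust-model always skips key validation for this demo only; in real use,
# verify each fingerprint out of band before encrypting to it.
encrypt_for() {
  rcpts=""
  for m in "$@"; do rcpts="$rcpts --recipient $m@example.test"; done
  # $rcpts is left unquoted on purpose so it splits into separate arguments.
  g sender --trust-model always --armor --encrypt $rcpts
}

# Decrypt stdin with only <name>'s private key.
decrypt_as() { g "$1" --decrypt 2>/dev/null; }

new_member alice
new_member bob
printf 'db_password: constructed-sample-value\n' |
  encrypt_for alice bob > "$WORK/secrets.asc"

decrypt_as alice < "$WORK/secrets.asc"   # each recipient recovers the plaintext
decrypt_as bob   < "$WORK/secrets.asc"
```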
