Snippets Groups Projects

Due to an influx of spam, we have had to temporarily disable account registrations. Please write an email to accountsupport@archlinux.org, with your desired username, if you want to get access. Sorry for the inconvenience.

Verified Commit 27553ab3 authored 3 months ago by Kristian Klausen

Remove the WG private keys from the vault and store them only on the servers

With the support for network.wireguard.* credentials[1] in systemd
v256[2], we can now easily avoid storing the credentials centrally in
our ansible vault, which is preferable as it makes the private keys less
exposed. It may also make fine-grained access easier in the future[3] as
there is no longer a vault file for each server.

All the keys have been rotated and the new private keys are only stored
on the servers.

[1] https://github.com/systemd/systemd/pull/30826
[2] https://github.com/systemd/systemd/releases/tag/v256
[3] #64

parent 6d39c3c6

Branches keycloak-password-reset-time

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 11 additions and 92 deletions

Kristian Klausen @klausenbusk
mentioned in commit 2f9c41ab
· 2 weeks ago

mentioned in commit 2f9c41ab

mentioned in commit 2f9c41ab0ac57c66800245c19e09355342067c17

Toggle commit list

Please register or to comment