Re: Salsa token and privacy
- Date: Tue, 7 Aug 2018 20:04:16 +0200
- From: Bastian Blank <waldi@xxxxxxxxxx>
- Subject: Re: Salsa token and privacy
On Mon, Aug 06, 2018 at 05:05:24PM +0000, PICCA Frederic-Emmanuel wrote:
> I was using a nitrokey pro + gpg-agent in order to connect via ssh to the debian infrastructure.
> Now that we have salsa, it seems that the way to go is to use salsa token in order to automake a bunch of tasks.
You can still use SSH to do repository operation. But I don't know what
kind of automation you are doing.
> So now I need to put somewhere on a disk my salsa token, in fact on every computer where I want to use this token.
> And it means a lot.
You talked about automation. Such tasks usualy run on a pre-defined
system. So I don't know why you need to have the credentials for this
task on many computers.
> I would like to have something like the previous setup where all my private information are stores on the nitrokey.
You can always use the encryption key functionality to decrypt the
> do you know if the salsa api (in fact gitlab api) can be access more securely than via a token which is copied multiple times everywhere.
Yes, you restrict token to the job, so you don't need to copy them
> and if not how are you dealing with this ?
We usualy deal with problems by describing them and not try to fit a
already finished solution into the framework; this is described as XY
It would seem that evil retreats when forcibly confronted.
-- Yarnek of Excalbia, "The Savage Curtain", stardate 5906.5