
Re: Salsa token and privacy




On Mon, Aug 06, 2018 at 05:05:24PM +0000, PICCA Frederic-Emmanuel wrote:
> I was using a nitrokey pro + gpg-agent in order to connect via ssh to the debian infrastructure.
> Now that we have salsa, it seems that the way to go is to use salsa token in order to automate a bunch of tasks.

You can still use SSH to do repository operations.  But I don't know what
kind of automation you are doing.

> So now I need to put somewhere on a disk my salsa token, in fact on every computer where I want to use this token.
> And it means a lot.

You talked about automation.  Such tasks usually run on a pre-defined
system.  So I don't know why you need to have the credentials for this
task on many computers.

> I would like to have something like the previous setup where all my private information is stored on the nitrokey.

You can always use the encryption key functionality to decrypt the
token.

> do you know if the salsa api (in fact gitlab api) can be accessed more securely than via a token which is copied multiple times everywhere?

Yes, you restrict the token to the job, so you don't need to copy it
around.

> and if not how are you dealing with this ?

We usually deal with problems by describing them and not trying to fit an
already finished solution into the framework; this is described as the XY
problem[1].

Bastian

[1]: https://en.wikipedia.org/wiki/XY_problem

-- 
It would seem that evil retreats when forcibly confronted.
		-- Yarnek of Excalbia, "The Savage Curtain", stardate 5906.5
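
An added example, not part of the original message: one way to keep the Salsa token encrypted to the OpenPGP encryption key on the Nitrokey, decrypt it only in memory, and hand it to curl on stdin so it never appears on disk in cleartext or in a process argument list. The file path, the SALSA_GPG_RECIPIENT variable, the function names and the allowed token character set are assumptions.

```shell
#!/bin/sh
# Added example. Path, recipient variable and function names are hypothetical.
SALSA_API=https://salsa.debian.org/api/v4
SALSA_TOKEN_FILE=${SALSA_TOKEN_FILE:-$HOME/.config/salsa/token.gpg}

# Read the cleartext token from stdin once and store it encrypted to the
# key whose private half lives on the card (SALSA_GPG_RECIPIENT = key id).
salsa_token_store() (
    umask 077
    mkdir -p "$(dirname "$SALSA_TOKEN_FILE")"
    gpg --quiet --yes --encrypt --recipient "$SALSA_GPG_RECIPIENT" \
        --output "$SALSA_TOKEN_FILE"
)

# Decrypt via gpg-agent (the card does the private-key operation) and
# refuse anything that does not look like a token, so a damaged or
# tampered file cannot inject extra lines into the curl config below.
# Assumption: tokens consist only of letters, digits, '_', '.' and '-'.
salsa_token() (
    token=$(gpg --quiet --decrypt "$SALSA_TOKEN_FILE") || exit 1
    case $token in
        ''|*[!A-Za-z0-9_.-]*)
            echo "salsa_token: unexpected token format" >&2
            exit 1 ;;
    esac
    printf '%s' "$token"
)

# Call an API endpoint, e.g. `salsa_api /user`. printf is a shell builtin,
# so the token travels only through the pipe into `curl --config -` and is
# not visible in ps output or shell history.
salsa_api() (
    endpoint=$1
    token=$(salsa_token) || exit 1
    printf 'header = "PRIVATE-TOKEN: %s"\nurl = "%s%s"\n' \
        "$token" "$SALSA_API" "$endpoint" |
        curl --silent --show-error --fail --config -
)
```

Only the encrypted token.gpg is copied between machines; each use needs the Nitrokey present and unlocked.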