Re: Salsa token and privacy

On Mon, Aug 06, 2018 at 05:05:24PM +0000, PICCA Frederic-Emmanuel wrote:
> I was using a nitrokey pro + gpg-agent in order to connect via ssh to the Debian infrastructure.
> Now that we have salsa, it seems that the way to go is to use a salsa token in order to automate a bunch of tasks.

You can still use SSH to do repository operations.  But I don't know what
kind of automation you are doing.

> So now I need to put somewhere on a disk my salsa token, in fact on every computer where I want to use this token.
> And it means a lot.

You talked about automation.  Such tasks usually run on a pre-defined
system.  So I don't know why you need to have the credentials for this
task on many computers.

> I would like to have something like the previous setup where all my private information is stored on the nitrokey.

You can always use the encryption key functionality to decrypt the

> Do you know if the salsa API (in fact the GitLab API) can be accessed more securely than via a token which is copied multiple times everywhere?

Yes, you restrict the token to the job, so you don't need to copy them

> And if not, how are you dealing with this?

We usually deal with problems by describing them and not trying to fit an
already finished solution into the framework; this is described as XY


[1]: https://en.wikipedia.org/wiki/XY_problem

It would seem that evil retreats when forcibly confronted.
		-- Yarnek of Excalbia, "The Savage Curtain", stardate 5906.5