keypair management best practices

asked 2016-08-11 02:38:30 -0600

gabhijit gravatar image

updated 2016-08-11 03:39:50 -0600

iGene gravatar image

Dear All,

I am trying to understand - what may be best practices for managing Keypairs for an instance. Typically let's say we have a dozen instances all of them can potentially share a keypair. Basically for a third-party software like guacamole - to be able to access the private key what are recommended choices? Basically, all of this is to be done automatically through some orchestration code with no user intervention. For instance, some choices that come to mind include -

  1. Basically save the private key securely in Swift Object storage (but in a deployment, just deploying 'swift' object store just for storing key-pairs is certainly an overkill).
  2. Write a simple application where the orchestration code stores the keypairs (that runs on say guacamole server) and then use those (this way 1. is avoided - but new code - and it's baggage).

Any inputs including pointers to existing code are greatly appreciated.

edit retag flag offensive close merge delete