terraform-aws-gitlab-runner
Using fleet without private key path injected into user-data script
Describe the issue
When using fleet mode, an SSH private key is injected into the main runner via user-data.
This is being flagged as a security risk.
What I hope to have
When using fleet mode, user-data will not have a private key as a string; if an SSH key pair is required for docker+machine, retrieve it via key_pair instead.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.
Let's tackle this one. Yes, having the private key in the user data is not good.
How can we retrieve the private key on the machine? The aws_key_pair doesn't have it. Sounds like we have to store it somewhere else (SSM parameter) to be able to load it later.
https://github.com/cattle-ops/terraform-aws-gitlab-runner/blob/286de13b3fa7a3cb8188ce83b9a2afd9e209f157/docker_machine_fleet.tf#L10 will be removed with the docker+machine
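A sketch of the SSM-parameter approach discussed above, added here as an example and not code from the module itself: the docker+machine private key is stored as a SecureString in SSM Parameter Store instead of being templated into user-data, the runner's instance role may read only that one parameter, and the user-data script fetches the key at boot. The resource names, the parameter path and the `aws_iam_role.runner` reference are assumptions.

```hcl
# Key pair used by docker+machine to reach the fleet instances.
resource "tls_private_key" "fleet" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "fleet" {
  key_name   = "gitlab-runner-fleet" # assumed name
  public_key = tls_private_key.fleet.public_key_openssh
}

# Weak pattern (what the issue describes): the PEM is interpolated into
# user-data, which is readable from the instance metadata service and via
# ec2:DescribeInstanceAttribute, so it is not a place for secrets.
#   user_data = "echo '${tls_private_key.fleet.private_key_pem}' > /root/.ssh/id_rsa"

# Corrected pattern, step 1: keep the key encrypted in Parameter Store.
resource "aws_ssm_parameter" "fleet_key" {
  name  = "/gitlab-runner/fleet/private-key" # assumed path
  type  = "SecureString"
  value = tls_private_key.fleet.private_key_pem
}

# Step 2: least privilege, the instance role may read exactly this parameter.
data "aws_iam_policy_document" "read_fleet_key" {
  statement {
    actions   = ["ssm:GetParameter"]
    resources = [aws_ssm_parameter.fleet_key.arn]
  }
}

resource "aws_iam_role_policy" "read_fleet_key" {
  name   = "read-fleet-key"
  role   = aws_iam_role.runner.id # assumed: the runner's instance role
  policy = data.aws_iam_policy_document.read_fleet_key.json
}

# Step 3: user-data only names the parameter; the key never appears in it.
locals {
  runner_user_data = <<-EOT
    #!/bin/bash
    set -euo pipefail
    install -d -m 0700 /root/.ssh
    aws ssm get-parameter --name "${aws_ssm_parameter.fleet_key.name}" \
      --with-decryption --query Parameter.Value --output text \
      > /root/.ssh/id_rsa
    chmod 0600 /root/.ssh/id_rsa
  EOT
}
```

The SecureString is encrypted with the default AWS-managed SSM key, so no extra `kms:Decrypt` grant is needed; the CLI call at boot also requires a configured region (for example via `AWS_DEFAULT_REGION`), and the key still ends up in the Terraform state, which must be protected accordingly.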