cloud-init
[enhancement]: support signed and encrypted userdata
Enhancement
cloud-init supports various user-data formats.
Many user requests have been raised around the issue of knowing whether a network or provider can be trusted and how to get a configuration securely to an instance.
Signed userdata
Provide the ability to allow users to add a public key to a base image which would validate the signature of a user-data payload. A payload which does not have the correct signature would not be processed.
Encrypted userdata
Provide the ability to allow users to add a private key to a base image which would decrypt an encrypted user-data payload.
This would allow the user to get secrets onto a system securely.
https://github.com/canonical/cloud-init/pull/5599
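
The signed-userdata check described above, as an added example that is not cloud-init code and not taken from the linked pull request. It assumes the `openssl` CLI, a detached RSA/SHA-256 signature, and hypothetical file and function names; the keys and payloads are constructed samples.

```shell
# Added illustration, not cloud-init code. Assumptions: openssl is installed,
# signatures are detached RSA/SHA-256, and all file names are hypothetical.

# verify_userdata PUBKEY PAYLOAD SIG: true only for a valid signature.
verify_userdata() {
    [ "$(openssl dgst -sha256 -verify "$1" -signature "$3" "$2" 2>/dev/null)" = "Verified OK" ]
}

# process_userdata PUBKEY PAYLOAD SIG: fail closed. A missing, empty or
# invalid signature means the payload is never handed to later stages.
process_userdata() {
    [ -s "$3" ] || { echo "rejected: no signature"; return 1; }
    verify_userdata "$1" "$2" "$3" || { echo "rejected: bad signature"; return 1; }
    echo "accepted"
}

# new_keypair PREFIX: write PREFIX.key and PREFIX.pub (constructed test keys).
new_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1.key" 2>/dev/null &&
    openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# sign_userdata KEY PAYLOAD SIG: what the user does before launch.
sign_userdata() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# make_fixture DIR: constructed sample with image key, foreign key, payloads.
make_fixture() {
    new_keypair "$1/image" && new_keypair "$1/other" || return 1
    printf '#cloud-config\npackages:\n  - nginx\n' > "$1/user-data"
    sign_userdata "$1/image.key" "$1/user-data" "$1/user-data.sig"
    # Same bytes signed by a key the image does not trust.
    sign_userdata "$1/other.key" "$1/user-data" "$1/foreign.sig"
    # Payload altered in transit; the original signature no longer matches.
    { cat "$1/user-data"; echo '# altered in transit'; } > "$1/tampered"
}

demo_dir=$(mktemp -d)
make_fixture "$demo_dir"
for pair in "user-data user-data.sig" "user-data foreign.sig" \
            "tampered user-data.sig" "user-data missing.sig"; do
    set -- $pair
    printf '%s + %s: ' "$1" "$2"
    process_userdata "$demo_dir/image.pub" "$demo_dir/$1" "$demo_dir/$2" || true
done
rm -rf "$demo_dir"
```

Only `image.pub` needs to live in the base image; the signing key stays with the user.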