{"id":15517024,"url":"https://github.com/deric/puppet-pubkey","last_synced_at":"2025-04-23T04:29:41.341Z","repository":{"id":65886471,"uuid":"601649490","full_name":"deric/puppet-pubkey","owner":"deric","description":"Generate ssh key pair and exports public key","archived":false,"fork":false,"pushed_at":"2024-08-05T10:59:52.000Z","size":135,"stargazers_count":1,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-16T13:36:45.021Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deric.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-14T14:21:50.000Z","updated_at":"2024-08-05T10:59:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"db09eac8-d53d-4035-b3d9-a429a81d9bea","html_url":"https://github.com/deric/puppet-pubkey","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deric%2Fpuppet-pubkey","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deric%2Fpuppet-pubkey/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deric%2Fpuppet-pubkey/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deric%2Fpuppet-pubkey/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deric","download_url":"https://codeload.github.com/deric/puppet-pubkey/tar.gz/refs/heads
/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250371040,"owners_count":21419515,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-02T10:10:54.234Z","updated_at":"2025-04-23T04:29:41.000Z","avatar_url":"https://github.com/deric.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# puppet-pubkey\n\n[![Puppet Forge](http://img.shields.io/puppetforge/v/deric/pubkey.svg)](https://forge.puppet.com/modules/deric/pubkey)\n[![Tests](https://github.com/deric/puppet-pubkey/actions/workflows/test.yml/badge.svg)](https://github.com/deric/puppet-pubkey/actions/workflows/test.yml)\n\nPuppet module that generates an ssh key pair and exchanges the public key via an exported Puppet resource.\n\n## Usage\n\nAs simple as:\n\n```puppet\npubkey::ssh { 'bob_rsa': }\n```\nwill generate `/home/bob/.ssh/id_rsa` key with default size and export the public key `/home/bob/.ssh/id_rsa.pub`.\n\nAuto-detection expects the name in the format `{username}_{type}`.\n\n## Parameters\n\n - `generate` Whether missing key should be generated (default: `true`)\n - `user` account name under which we will store the ssh key\n - `type` ssh key type one of: `dsa`, `rsa`, `ecdsa`, `ed25519`, `ecdsa-sk`, `ed25519-sk`\n - `home` user's home directory, assuming .ssh is located in $HOME/.ssh\n - `prefix` custom key file prefix for the ssh key file (default: `id`)\n - `comment` ssh key's comment\n - `size` number of bits for generated ssh key\n - `tags` optional tags added to the exported key\n - `export_key` whether to export 
the generated public key as `ssh_authorized_key` (default: `true`)\n - `path` standard unix path to look for ssh-keygen\n - `hostname` that will be part of exported resource (default: FQDN fact)\n - `separator` A character for user and key type auto-detection (default: `_`)\n\nThe supported ssh key types depend on the `ssh-keygen` version; see `ssh-keygen --help` for the list of types supported on your system.\n\n\n## Advanced configuration\n\nOptionally override any parameter:\n```puppet\npubkey::ssh { 'alice_key':\n  user       =\u003e 'alice',\n  type       =\u003e 'ed25519',\n  home       =\u003e '/home/alice',\n  comment    =\u003e 'alice_ed25519@foo.bar',\n  hostname   =\u003e 'foo',\n  export_key =\u003e false,\n  tags       =\u003e ['tag_users', 'bar'],\n}\n```\nThe key will be exported as `alice_key@foo` (suffix is taken from the `hostname` parameter). To import the key on another machine, use e.g.:\n\n```puppet\nSsh_authorized_key \u003c\u003c| tag == \"tag_users\" |\u003e\u003e\n```\n\nAll Puppet variables are documented in [REFERENCE.md](./REFERENCE.md).\n\n## How does this work?\n\nOn the first run, `ssh-keygen` is executed if the desired ssh key pair doesn't exist yet.\n\nPuppet compiles code remotely, on a puppetserver, which means that local files are not available at compile time. Local files (like public ssh keys) can be accessed from Facter code that is evaluated before applying the Puppet catalog. However, Facter doesn't accept any arguments, so we don't know which keys to load before evaluating the Puppet code. An intermediate cache file `/var/cache/pubkey/exported_keys` is used to store the locations of exported keys. During the next run the keys are fetched and exported under the `pubkey` fact.\n\nExported ssh keys are stored as a hierarchical fact. 
See `facter --puppet -y pubkey`\n\n```yaml\npubkey:\n  bob_ed25519:\n    comment: \"bob_ed25519\"\n    key: \"AAAAC3NzaC1lZDI1NTE5AAAAIHBqbh2bZtW2jyX5BnsbAahP3KwGSVKVisggLDqJKnkQ\"\n    type: ssh-ed25519\n```\n\nFrom Puppet code the key is available via `$facts['pubkey']['bob_ed25519']['key']`.\n\n## Limitations\n\nTwo consecutive Puppet runs are required to export the key. During the first run the ssh key will be generated; during the second one it will be fetched from disk, exported and made available as a fact.\n\n## Dependencies\n\n`ssh-keygen` needs to be installed on the system.\n\nModule dependencies:\n\n  - [puppetlabs/stdlib](https://github.com/puppetlabs/puppetlabs-stdlib)\n  - [puppetlabs/sshkeys_core](https://github.com/puppetlabs/puppetlabs-sshkeys_core)\n\n## Acceptance test\n\nRun with specific set:\n\n```\nBEAKER_destroy=no BEAKER_setfile=debian10-64 bundle exec rake beaker\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fderic%2Fpuppet-pubkey","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fderic%2Fpuppet-pubkey","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fderic%2Fpuppet-pubkey/lists"}