[Cialug] Access credentials for new cloud instances

Zachary Kotlarek zach at kotlarek.com
Mon Jan 23 15:06:16 CST 2012


On Jan 23, 2012, at 8:04 AM, Matthew Nuzum wrote:

> In an environment where you're using dynamic cloud instances (i.e. you spin them up and down as demand grows and ebbs) there is a need for your new instance to talk to your various infrastructure.


Doesn't your cloud host provide a way for you to pass data into the instance as part of the launch request? If there's any such comm channel you could use it either to pass a key to the server directly, or to pass a cookie used to authenticate locally-generated credentials.

Without that kind of comm channel, or some machine auth system provided by the cloud host, you'll need a static key. But that can be less ominous than it sounds -- you can pre-install a user and public SSH key on the instance image, so that your central server can log into it and generate an instance-specific key. Once you have that key exchange done the instance can drive its own setup as before, but logging into the instance to generate the key avoids storing any secrets in your instance image (shared or otherwise).

	Zach
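
The second option in the message above (a cookie passed in the launch request, used to authenticate credentials the instance generates itself) can be sketched as follows. This is an added example, not part of the original message: the class and function names, the instance ID and the key string are constructed for illustration, and HMAC-SHA256 is an assumed choice for binding the key to the cookie.

```python
import hashlib
import hmac
import secrets
import time


def sign_request(cookie, instance_id, pubkey):
    """Instance side: bind the locally generated public key to the launch cookie."""
    msg = f"{instance_id}\n{pubkey}".encode()
    return hmac.new(bytes.fromhex(cookie), msg, hashlib.sha256).hexdigest()


class EnrollmentServer:
    """Central server side: one short-lived cookie per launch, redeemable once."""

    def __init__(self, ttl=600):
        self.ttl = ttl
        self.pending = {}     # instance_id -> (cookie, expiry time)
        self.authorized = {}  # instance_id -> enrolled public key

    def issue_cookie(self, instance_id, now=None):
        """Create the value that is passed to the instance in the launch request."""
        now = time.time() if now is None else now
        cookie = secrets.token_hex(32)
        self.pending[instance_id] = (cookie, now + self.ttl)
        return cookie

    def enroll(self, instance_id, pubkey, tag, now=None):
        """Accept a public key only if it is authenticated by an unexpired cookie."""
        now = time.time() if now is None else now
        entry = self.pending.get(instance_id)
        if entry is None:
            return False                    # never issued, or already redeemed
        cookie, expiry = entry
        if now > expiry:
            del self.pending[instance_id]   # stale launch, discard the cookie
            return False
        expected = sign_request(cookie, instance_id, pubkey)
        if not hmac.compare_digest(expected, tag):
            return False                    # key or ID was altered in transit
        del self.pending[instance_id]       # single use: a replay is rejected
        self.authorized[instance_id] = pubkey
        return True


if __name__ == "__main__":
    server = EnrollmentServer()
    cookie = server.issue_cookie("i-example01")           # constructed instance ID
    pubkey = "ssh-ed25519 AAAAC3constructedkey instance"  # constructed, not a real key
    tag = sign_request(cookie, "i-example01", pubkey)
    print("enrolled:", server.enroll("i-example01", pubkey, tag))
```

The cookie is the only secret that leaves the central server, it is never stored in the instance image, and it stops being useful once the key is enrolled or the time limit passes.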
