#1 By: Martijn Gastkemper, June 3rd, 2014 08:42
I want to make an app that does server management via SSH. I'm connecting with public key authentication and execute some commands to deploy or upgrade apps. I have to store the keys in my app, but I don't want to add those files to my repo. I have tried StreamWrapper, but the function ssh2_auth_pubkey_file only accepts files, no other schema's. Does anyone have a smarter solution than put the config vars in a file while the app is compiled?
#2 By: David Zuelke, June 4th, 2014 08:43
There is not really any other way; you can of course also do it at runtime instead of at compile time.
The secret that protects the private key will of course not have to be added to the repo, so that already provides some level of security.
#3 By: Martijn Gastkemper, June 4th, 2014 11:10
Storing the secret that protects the private key is a good idea. But I'm going to store the private key in config vars, because it's easier to maintain.