Yeah, it's a bit of an outlier workflow but I figured I'd ask. The deafening silence indicates it's probably not a use-case we need to treat specially.
--eric0 On Sat, Mar 31, 2018 at 12:23 PM, Michael Watters <[email protected]> wrote: > I've done this for a few nodes but I'm not sure how this would be an > improvement over just enabling autosign. Private keys should remain > private to a node and should never be transmitted over the network if > possible. > > On Wednesday, March 28, 2018 at 3:10:35 PM UTC-4, Eric Sorenson wrote: >> >> Is anybody out there pre-generating certificates for your agents? I've >> heard whispered tales of some folks doing this but we're starting work on >> improving the CA / signing / revocation workflow and it'd be great to talk >> to somebody directly. The workflow would be using 'puppet cert generate' on >> the master/CA then distributing both the private key and the resulting >> certificate in some secure, out-of-band mechanism (cloud-init?) to the >> nodes, so the agent finds the CA cert as well as its own key/cert pair >> ready and waiting when it starts up, bypassing the CSR >> generation/submission completely. >> >> --eric0 >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/puppet-users/rmC7RsQEUwU/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-users/7a75eaf6-b71a-4b34-9b76-fe6dbf6f96fd%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/7a75eaf6-b71a-4b34-9b76-fe6dbf6f96fd%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANDjyOucHVejmfGR7%3D6MXNxrZRvkJOHq%2BiThm7LOAMG%2BU%3Dqg8w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
