regpg: safely store server secrets (Tony Finch)



SLIDE 1

regpg

safely store server secrets Tony Finch <fanf2@cam.ac.uk> <gitmaster@uis.cam.ac.uk>

Network Systems (RNB 1N52)

Tuesday 21st November 2017 University Information Services

SLIDE 2

agenda

Context
  • secrets?
  • server?
  • store?
  • safely?
  • gpg?
  • re?

Demo
  • keys
  • secrets
  • recrypt
  • X.509 / TLS
  • Ansible
  • conversion

SLIDE 3

secrets

https://www.flickr.com/photos/fuzzy/3196534149

SLIDE 4

secrets – encryption

https://richardskingdom.net/wp-content/uploads/2014/04/encrypt-all-the-things.png

SLIDE 5

secrets – Shamir / Rivest / Adleman

https://claudiodinardo.com/content/images/2017/08/shamir-rivest-adleman.jpg

SLIDE 6

server

https://www.flickr.com/photos/evilnick/183967344

SLIDE 7

server – files

https://www.flickr.com/photos/lnx/7297731

SLIDE 8

store – not share

https://www.flickr.com/photos/23605686@N05/6921691127

SLIDE 9

safely – hazmat containment

https://www.flickr.com/photos/mamboman/3698344360

SLIDE 10

safely – situational awareness

https://www.flickr.com/photos/109570752@N02/15118828431

SLIDE 11

gpg

https://commons.wikimedia.org/wiki/File:Gnupg_logo.svg

SLIDE 12

regpg

https://dotat.at/prog/regpg/

SLIDE 13

dependencies

prerequisites
  • perl
  • gnupg
  • gnupg-agent
  • pinentry-*

helpers
  • ansible
  • git
  • openssl
  • openssh-client
  • xclip

SLIDE 14

check gpg-agent

    echo $GPG_AGENT_INFO
    eval $(gpg-agent --daemon)

SLIDE 15

install

quick

    cd ~/bin
    curl -O https://dotat.at/prog/regpg/regpg

home page

    https://dotat.at/prog/regpg/

  • supporting documentation
  • distribution tar balls
  • test suite

SLIDE 16

generate key

  • Generate a key just for regpg
  • Separate from your other gpg keys (if any)

    gpg --gen-key

  • Answer the quiz

SLIDE 17

generate key – demo

https://www.flickr.com/photos/eugenuity/34113551603

SLIDE 18

manage keys

  • addkey
  • addself ⇐
  • delkey ⇐
  • exportkey
  • importkey
  • lskeys ⇐

SLIDE 19

manage keys – demo

https://www.flickr.com/photos/bantam10/3068761016

SLIDE 20

secrets

  • encrypt ⇐
  • decrypt ⇐
  • recrypt
  • edit ⇐
  • pbcopy
  • pbpaste
  • shred ⇐
  • check ⇐

SLIDE 21

secrets – demo

https://www.flickr.com/photos/zapthedingbat/516726771

SLIDE 22

recrypt

  • delkey ⇐
  • importkey ⇐
  • lskeys ⇐
  • recrypt ⇐
  • check ⇐

SLIDE 23

recrypt – demo

https://www.flickr.com/photos/parkstreetparrot/6531496943

SLIDE 24

generate TLS / ssh

  • gencsrconf ⇐
  • gencsr ⇐
  • genkey ⇐
  • genpwd

SLIDE 25

generate TLS / ssh – demo

https://www.flickr.com/photos/zapthedingbat/516726771

SLIDE 26

set up hooks

  • init ⇐
  • init git ⇐
  • init ansible ⇐
  • init ansible-vault

SLIDE 27

set up hooks – demo

https://www.flickr.com/photos/walkingsf/8143196966

SLIDE 28

converters

  • conv ansible-gpg ⇐
  • conv ansible-vault ⇐
  • conv stgza

SLIDE 29

converters – demo

https://www.flickr.com/photos/eltpics/15367149536

SLIDE 30

Questions?

https://www.flickr.com/photos/debord/4932655275