README.md: Improve indoctrination steps.
@@ -324,7 +324,7 @@ If you don't already have a GPG key, here's how to generate one:
gpg --gen-key
gpg --gen-key
```
```
Pick defaults for encryption settings, 0 expiration. Pick a VERY GOOD passphrase.
Pick defaults for encryption settings, 0 expiration. Pick a VERY GOOD passphrase. Store the private key securely. Tip: Store it on a secure machine, or one with little or no internet access, with full-disk-encryption, etc. Your employer problably has rules about how to store such things.
Now that you have a GPG key, add yourself as an admin:
Now that you have a GPG key, add yourself as an admin:
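Review bot: the sentence added to the "Pick defaults" line has a typo: "problably" should be "probably". While touching that line, consider pairing the "0 expiration" advice with a reminder to generate a revocation certificate at the same time, since a non-expiring key that is later lost or compromised can otherwise only be retired by re-encrypting everything; and "a secure machine, or one with little or no internet access, with full-disk-encryption, etc." reads as a run-on, so a short list of the storage recommendations would be clearer.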
@@ -338,23 +338,41 @@ blackbox_addadmin KEYNAME
blackbox_addadmin tal@example.com
blackbox_addadmin tal@example.com
```
```
When the command completes successfully, instructions on how to
When the command completes successfully, instructions on how to commit these changes will be output. Run the command as given to commit the changes. It will look like this:
commit these changes will be output. Run the command as given. It will look like this:
```
```
NEXT STEP: Check these into the repo. Probably with a command like...
git commit -m'NEW ADMIN: tal@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
git commit -m'NEW ADMIN: tal@example.com' keyrings/live/pubring.gpg keyrings/live/trustdb.gpg keyrings/live/blackbox-admins.txt
```
```
Role accounts: If you are adding the pubring.gpg of a role account, you can specify the directory where the pubring.gpg file can be found as a 2nd parameter:
Then push it to the repo:
```
```
blackbox_addadmin puppetmaster@puppet-master-1.example.com /path/to/the/dir
git push
or
ht push
(or whatever is appropriate)
```
```
NOTE: Creating a Role Account? If you are adding the pubring.gpg of a role account, you can specify the directory where the pubring.gpg file can be found as a 2nd parameter: `blackbox_addadmin puppetmaster@puppet-master-1.example.com /path/to/the/dir`
### Step 2: SOMEONE ELSE adds you to the system.
### Step 2: SOMEONE ELSE adds you to the system.
Ask someone that already has access to re-encrypt the data files. This gives you access. They simply decrypt and re-encrypt the data without making any changes:
Ask someone that already has access to re-encrypt the data files. This gives you access. They simply decrypt and re-encrypt the data without making any changes.
Pre-check: Verify the new keys look good.
```
$ gpg --homedir=keyrings/live --list-keys
```
For example, examine the key name (email address) to make sure
it conforms to corporate standards.
Import the keychain into your personal keychain and reencrypt:
```
```
gpg --import keyrings/live/pubring.gpg
gpg --import keyrings/live/pubring.gpg
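Review bot: the new "Pre-check" only tells the existing admin to examine the key name (email address) after `gpg --homedir=keyrings/live --list-keys`; an email address in a user ID is self-asserted and does not show that the key belongs to the person asking, so the step should also say to confirm the key's fingerprint with the requester over a channel other than the pull request before re-encrypting, since re-encrypting to a wrong key grants that key holder access to every secret. Two smaller points in the same hunk: `ht push` in the push block is not explained anywhere on this page, so either say what `ht` is or keep only `git push` with the "(or whatever is appropriate)" remark; and "Import the keychain into your personal keychain" should use "keyring", matching the `keyrings/live/pubring.gpg` path it refers to.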