Generating Keys

Required Keys and Tokens for Deployment

| Type | Name | Description |
| --- | --- | --- |
| Token | token:k3s | Token for registering agents with the controller nodes. |
| Token | token:github | Token for authenticating to github.com APIs. |
| Token | token:gitlab | Token for authenticating with gitlab.com APIs. |
| SSH | ssh:github, ssh:github.pub | Key pair for SSH authentication of GitHub repos. |
| SSH | ssh:gitlab, ssh:gitlab.pub | Key pair for SSH authentication of GitLab repos. |
| SSH | ssh:bastion, ssh:bastion.pub | Key pair for SSH authentication to bastion node. |
| SSH | ssh:k3s, ssh:k3s.pub | Key pair for SSH authentication to k3s nodes. |
| GPG | gpg, gpg.pub | Key pair for secret encryption. |

Steps for generation:

  1. Get a GitHub personal access token.
    1. Put it in a password manager.
  2. Get a GitLab personal access token.
    1. Put it in a password manager.
  3. Run the security_setup script at /scripts/security_setup.
  4. After the script completes, check the following:
    1. SSH key uploaded to GitHub.
    2. SSH key uploaded to GitLab.
    3. Store your SSH passphrases in a password manager.
    4. Store your GPG keys in a password manager. (They are the only way to decrypt your secrets, so make sure you keep them backed up somewhere safe.)

Using your keys after generation:

  1. Decrypt: git secret reveal secrets/*
  2. Clean up: find secrets/ -type f ! -name '*.secret' -delete
  3. Encrypt a new secret: git secret add <path> && git secret hide && git add <path>.secret
    1. Run the clean up script afterwards; don't check in anything but the actual encrypted file.
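
A pre-commit guard for the last rule above, as an added example that is not part of the original page or its scripts: it refuses a commit that stages anything under secrets/ other than *.secret files. It assumes the script is installed as .git/hooks/pre-commit; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the project's /scripts directory).
# Assumption: plaintext and encrypted files both live under secrets/, and
# encrypted files carry the .secret extension, as in the steps above.

# Reads newline-separated repository paths on stdin and prints every path
# under secrets/ that is NOT an encrypted *.secret file.
plaintext_in_secrets() {
    while IFS= read -r path; do
        case "$path" in
            secrets/*.secret) ;;                  # encrypted output: allowed
            secrets/*) printf '%s\n' "$path" ;;   # anything else: plaintext
        esac
    done
}

# Checks the files staged for the next commit (added, copied, modified,
# renamed). Returns 0 when clean, 1 after listing the offenders on stderr.
check_staged() {
    offenders=$(git -c core.quotePath=false diff --cached --name-only \
        --diff-filter=ACMR | plaintext_in_secrets)
    [ -z "$offenders" ] && return 0
    printf 'Refusing to commit unencrypted files under secrets/:\n%s\n' \
        "$offenders" >&2
    printf 'Run: git secret hide, then unstage the files listed above.\n' >&2
    return 1
}

# Only act as a hook when git invokes this file as .git/hooks/pre-commit.
case "$0" in
    */pre-commit) check_staged || exit 1 ;;
esac
```

The hook complements the find ... -delete clean up: the clean up removes plaintext from the working tree, while the hook catches plaintext that was already staged with git add.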