With this change, the location of the secret SSH key can be configured
through ${RAD_HOME}/config.json so that the node key does not have to
be placed under ${RAD_HOME}/keys anymore.
Further, there is now an option to override config.json directly when
executing radicle-node via the command line argument
--secret.
The primary motivation is more flexible deployments, for example leveraging external secret management solutions, like https://systemd.io/CREDENTIALS/.
In order to get this implemented, I had to make modifications
to the keystore in radicle-ssh.
With this change, the location of the secret SSH key can be configured
through ${RAD_HOME}/config.json so that the node key does not have to
be placed under ${RAD_HOME}/keys anymore.
Further, there is now an option to override config.json directly when
executing radicle-node via the command line argument
--secret.
The primary motivation is more flexible deployments, for example leveraging external secret management solutions, like https://systemd.io/CREDENTIALS/.
In order to get this implemented, I had to make modifications
to the keystore in radicle-ssh.
Updates after initial review by Fintan:
- Don’t implement
DefaultforKeys. - Bring back
keys(). - Add
Home::default_keys(). - Introduce constant string for
".radicle". - Fix
radicle-httpdtests.
Minor changes to previous revision.
More rusty fingerprint check.
Another round of review by Fintan.
Forgot to work in some review comments…
Trivial rebase.
Rebase
Another round of review. Rebase.
LGTM :)
Fixes after review. Tests are broken.
Pulled out the changes to CLI testing. They are now in rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5/patch/12bc8517149547b24ccdc10def80ee34ec9368cc.
Rewrite the whole thing. It’s much cleaner now.
REVIEW: see commits
- Apply most of Fintan’s suggested changes.
- Improve documentation, hopefully answering Fintan’s questions.
Rebase
Rewrite
Add tests, polish.
Changes:
- Fix clippy warning in test scenario