prefer ed25519 keys over rsa (#136)

collective · Apr 1, 2024 · e5f0138 · e5f0138
1 parent 5bda46a
commit e5f0138
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/{{ cookiecutter.project_slug }}/devops/.gitignore b/{{ cookiecutter.project_slug }}/devops/.gitignore
@@ -2,7 +2,7 @@
 .env
 .env_gha
 bin
-etc/keys/*_prod_deploy_rsa
+etc/keys/*_prod_deploy_ed25519
 include
 lib
 lib64

diff --git a/{{ cookiecutter.project_slug }}/devops/README-GHA.md b/{{ cookiecutter.project_slug }}/devops/README-GHA.md
@@ -27,7 +27,7 @@ After setting up the environment, it's time to add secrets. These are sensitive
 | DEPLOY_HOST | {{ cookiecutter.hostname }} | The hostname or IP address of your Docker Swarm manager. |
 | DEPLOY_PORT | 22 | The SSHD Port. |
 | DEPLOY_USER | plone | The user to connect to the deploy host, with permissions to run Docker commands. |
-| DEPLOY_SSH  | Contents of `devops/etc/keys/plone_prod_deploy_rsa` | The private SSH key used for connection. The corresponding public key should be in the `~/.ssh/authorized_keys` file of the deployment user. |
+| DEPLOY_SSH  | Contents of `devops/etc/keys/plone_prod_deploy_ed25519` | The private SSH key used for connection. The corresponding public key should be in the `~/.ssh/authorized_keys` file of the deployment user. |
 | ENV_FILE    | Contents of `devops/.env_file_gha` | The file containing environment variables used by the stack file. |
 
 ### Step 3: Add Repository Variables 📚

diff --git a/{{ cookiecutter.project_slug }}/devops/playbooks/setup.yml b/{{ cookiecutter.project_slug }}/devops/playbooks/setup.yml
@@ -40,8 +40,8 @@
             name: "{{ users.default.name }}"
             shell: /bin/bash
             generate_ssh_key: true
-            ssh_key_bits: 4096
-            ssh_key_file: .ssh/id_rsa
+            ssh_key_file: .ssh/id_ed25519
+            ssh_key_type: "ed25519"
 
         - name: "Allow user {{ users.default.name }} to sudo without password"
           ansible.builtin.copy:
@@ -54,10 +54,10 @@
         - base
         - ssh
       block:
-
         - name: "SSH: Generate a deployment key"
           community.crypto.openssh_keypair:
-            path: ../etc/keys/{{ users.default.name }}_prod_deploy_rsa
+            path: ../etc/keys/{{ users.default.name }}_prod_deploy_ed25519
+            type: "ed25519"
           delegate_to: localhost
           become: false
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,7 +2,7 @@ @@
     .env
     .env_gha
     bin
-    etc/keys/*_prod_deploy_rsa
+    etc/keys/*_prod_deploy_ed25519
     include
     lib
     lib64
@@ Expand Down @@