Today’s DevOps public service announcement... don’t test your server provisioning scripts locally. Especially when this gem is in there:

rm -f ~/.ssh/id_rsa
echo ‘vault secret/ssh_key’ > ~/.ssh/id_rsa

Well, I no longer have my key, but the script works! I’m sitting with a very locked down server key.
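
An added example, not part of the original post: a shell function that does the job of the rm -f / overwrite pair above without destroying a key that is already in place. It moves any existing key aside and refuses to install an empty fetch. The names install_ssh_key and fetch_key are hypothetical; fetch_key stands in for whatever command reads the key from the secret store.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: fetch_key | install_ssh_key "$HOME/.ssh/id_rsa"
#   fetch_key is a hypothetical stand-in for the secret-store read.
set -u

# install_ssh_key DEST   (key material on stdin)
# Writes stdin to DEST with mode 600. An existing DEST with different
# content is renamed to DEST.bak.<epoch> instead of being deleted.
install_ssh_key() {
    local dest tmp backup
    dest=$1
    mkdir -p "$(dirname "$dest")" || return 1
    # Stage next to DEST so the final mv is a rename on the same filesystem.
    tmp=$(mktemp "${dest}.new.XXXXXX") || return 1
    chmod 600 "$tmp"
    cat > "$tmp" || { rm -f "$tmp"; return 1; }

    # A failed or empty fetch must never replace a working key.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "refusing to install empty key at $dest" >&2
        return 1
    fi

    if [ -e "$dest" ]; then
        # Same content already installed: nothing to do, no backup needed.
        if cmp -s "$tmp" "$dest"; then
            rm -f "$tmp"
            return 0
        fi
        backup="${dest}.bak.$(date +%s)"
        mv "$dest" "$backup" || { rm -f "$tmp"; return 1; }
        echo "existing key preserved as $backup" >&2
    fi

    mv "$tmp" "$dest"
}
```

On a freshly built server nothing exists at the destination, so the function simply writes the key; on a workstation the old key survives as a .bak file.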

Comments
  • 3
    [cringes in pain]
  • 1
    😬
  • 2
    Good God, why did you not do a simple 'cp -a id_rsa -- delete_me' first? I'm so paranoid about deleting something important that I have several tiers of backup folders, just in case.
  • 0
    @bezorp they were expendable servers, all made with Packer, Puppet, and Terraform. Nobody cared, and the goal was to clear out any possibility that old RSA keys existed before pulling the latest. Truthfully, the script was stupid because that file never existed in a perfect world as the server was brand new. I’m the stupid one who ran it on my laptop without looking through it first. I’m also the stupid one who added that damn line of code months ago but forgot it was there. I think I’m also never going to use the default “id_rsa” name again, my new key will just be named something different from the start.
  • 1
    BACK-FUCKING-UPS!!!
  • 0
    @netikras almost everything lives in git for me. I was shocked when I found out I didn’t commit that file. I’m going to work on a script that makes the new key and commits the file to a private repo.