This repository has been archived by the owner on Mar 2, 2024. It is now read-only.
KM498 ✅ Use ed25519 key algorithm for ArgoCD deploy key #894
Merged
yngvark changed the title from "Update key generation for ArgoCD" to "KM498🐛Update key generation for ArgoCD" Jan 27, 2022
yngvark changed the title from "KM498🐛Update key generation for ArgoCD" to "KM498🐛Use ed25519 key format for ArgoCD deploy key" Jan 27, 2022
yngvark changed the title from "KM498🐛Use ed25519 key format for ArgoCD deploy key" to "KM498 🐛 Use ed25519 key format for ArgoCD deploy key" Jan 27, 2022
yngvark force-pushed the KM498-use_ed25519_ssh_key_format branch 5 times, most recently from 2921691 to eb411b0 February 11, 2022 07:46
yngvark changed the title from "KM498 🐛 Use ed25519 key format for ArgoCD deploy key" to "KM498 🐛 Use ed25519 key algorithm for ArgoCD deploy key" Feb 11, 2022
yngvark force-pushed the KM498-use_ed25519_ssh_key_format branch from de27875 to 269deda February 11, 2022 09:34
yngvark changed the title from "KM498 🐛 Use ed25519 key algorithm for ArgoCD deploy key" to "KM498 ✅ Use ed25519 key algorithm for ArgoCD deploy key" Feb 11, 2022
deifyed approved these changes Feb 11, 2022
LGTM. Can't say I feel comfortable QA'ing crypto-related functions. Maybe ensure there's other eyes on this as well?
yngvark force-pushed the KM498-use_ed25519_ssh_key_format branch from 269deda to 694eea3 February 16, 2022 13:32
Kudos, SonarCloud Quality Gate passed! 0 Bugs, No Coverage information
Codecov Report
@@ Coverage Diff @@
## master #894 +/- ##
==========================================
+ Coverage 44.19% 46.52% +2.32%
==========================================
Files 277 239 -38
Lines 7811 7347 -464
==========================================
- Hits 3452 3418 -34
+ Misses 4359 3929 -430
Description
Changes deploy key to use ed25519 algorithm for SSH keys.
Unfortunately, the Golang standard library hasn't yet implemented support for marshalling an ed25519 private key into the OpenSSH format, which is required by Git, hence ArgoCD. To do this, I have copied the implementation from https://github.com/mikesmitty/edkey and documented its use. Also wrote a simple test to attempt to verify that the produced private key is secure. The documentation includes a link to the issue (see link below) that tracks the implementation of support for the OpenSSH format.
Background: golang/go#37132
Motivation and Context
https://trello.com/c/9GxBElfD/498-argocd-stops-working-2022-03-15-due-to-old-format-of-deploy-key
How to prove the effect of this PR?
Verify old key
privatekey
for your cluster (something like /okctl/x/github/deploykeys/oslokommune/x/privatekey)
Remove and reapply ArgoCD
argoCD: false
okctl apply cluster ...
argoCD: true
okctl apply cluster ...
Verify new key
Also, in okctl state -> github, the public key should now start with "ed25519".
Additional info
The upgrade for this is in: oslokommune/okctl-upgrade#14
Types of changes
Checklist:
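
The OpenSSH private-key container that the description above refers to, written out as an added example using only the Go standard library; it is not code from this PR or from mikesmitty/edkey. `MarshalOpenSSH` and `putStrings` are hypothetical names, and the function covers only unencrypted ed25519 keys.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

// putStrings appends each value as an SSH wire string: uint32 big-endian length, then bytes.
func putStrings(b *bytes.Buffer, vals ...[]byte) {
	for _, v := range vals {
		binary.Write(b, binary.BigEndian, uint32(len(v)))
		b.Write(v)
	}
}

// MarshalOpenSSH (hypothetical name) encodes an unencrypted ed25519 key as an "openssh-key-v1" PEM block.
func MarshalOpenSSH(priv ed25519.PrivateKey, comment string) ([]byte, error) {
	pub := priv.Public().(ed25519.PublicKey)
	var pubBlob, sec, out bytes.Buffer
	putStrings(&pubBlob, []byte("ssh-ed25519"), pub) // key type, 32-byte public key
	check := make([]byte, 4)                         // random check value, stored twice
	if _, err := rand.Read(check); err != nil {
		return nil, err
	}
	sec.Write(check)
	sec.Write(check)
	sec.Write(pubBlob.Bytes())                // private section repeats type and public key
	putStrings(&sec, priv, []byte(comment))   // 64 bytes (seed, then public key), then comment
	for i := byte(1); sec.Len()%8 != 0; i++ { // pad with 1, 2, 3, ... to the 8-byte block size
		sec.WriteByte(i)
	}
	out.WriteString("openssh-key-v1\x00")
	putStrings(&out, []byte("none"), []byte("none"), nil) // cipher, KDF, empty KDF options
	binary.Write(&out, binary.BigEndian, uint32(1))       // number of keys in the file
	putStrings(&out, pubBlob.Bytes(), sec.Bytes())
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: out.Bytes()}), nil
}

func main() {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	out, err := MarshalOpenSSH(priv, "constructed-example")
	fmt.Println(len(out), err) // print the size only, never the key material
}
```

With cipher and KDF set to `none` the private key is stored in the clear, so the output belongs in a secret store with restricted access. `ssh-keygen -y -f <file>` reads such a file back and prints the matching public key, which is a quick check that the encoding is accepted.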