Generate SSH Key for cloning repos about models HOT 5 CLOSED

Just thinking this through a little more,

Core should probably generate the key pair when it starts, if it doesn't already exist (in a volume mount), and Frontends can share this volume.
So that it is created once and doesn't change.

Then we just need to be able to copy the public key from backoffice to add it to the required repos.

from models.

There’s a few possibilities for handling this:

1. One key-pair per repo. These can be generated when adding a repo and the public key shown to the user. This could work neatly if we split out the driver and UI build process to an external service. Advantages is this makes it very simple safe to roll keys if required and we’d likely only have a single instance of the service so never need to share private keys between machines.
2. One key-pair per core node.
3. Or, one key-pair per full deploy (shared between all core nodes and repos).

@viv-4 you’re probably more familiar than me, but am I correct in thinking that most repo hosting providers need these keys added at the repo level rather than being able to be added to an org? The only reason I can see for not using a key per repo is to reduce config overhead.

from models.

We'll avoid generation of the key on the core side @viv-4
At the model level, we'll generate a new keypair (if none is passed in during creation) and keep it encrypted server-side.
The public key will be visible to admin/support.

from models.

See PlaceOS/compiler#9

from models.

The build service that is replacing the internal core compilation and the cloning process will only support password-based authentication for git repos

from models.