Re: Best practices for tokens/passwords that can't be versioned


Thanks for the feedback.
This is a very interesting use case.
By default you want to allow ssh access for the developer who built
the image, cool :)

On Thu, Dec 13, 2018 at 2:59 PM Enrico Scholz
<enrico.scholz@...> wrote:

Alan Martinovic <alan.martinovic@...> writes:

am looking for opinions on how to deal with recipes that depend on file content
that can't be versioned.
For ssh public keys we use something like

e.g. we take it from ${HOME}/.config/oe (which is a little bit tricky to

And/or incliude local/side configuration by

which in turn includes something from ~/.config/oe/

i.e. The logging service on the embedded device needs to have a
certain private key
Note that including private keys in the image usually weakens security
because the key can be extracted more or less trivially.

SIGMA Chemnitz GmbH Registergericht: Amtsgericht Chemnitz HRB 1750
Am Erlenwald 13 Geschaeftsfuehrer: Grit Freitag, Frank Pyritz
09128 Chemnitz

Join to automatically receive all group messages.