Skip to content
  • epriestley's avatar
    Allow device SSH keys to be trusted · 5e0f218f
    epriestley authored
    Summary:
    Ref T6240. Some discussion in that task. In instance/cluster environments, daemons need to make Conduit calls that bypass policy checks.
    
    We can't just let anyone add SSH keys with this capability to the web directly, because then an adminstrator could just add a key they own and start signing requests with it, bypassing policy checks.
    
    Add a `bin/almanac trust-key --id <x>` workflow for trusting keys. Only trusted keys can sign requests.
    
    Test Plan:
      - Generated a user key.
      - Generated a device key.
      - Trusted a device key.
      - Untrusted a device key.
      - Hit the various errors on trust/untrust.
      - Tried to edit a trusted key.
    
    {F236010}
    
    Reviewers: btrahan
    
    Reviewed By: btrahan
    
    Subscribers: epriestley
    
    Maniphest Tasks: T6240
    
    Differential Revision: https://secure.phabricator.com/D10878
    5e0f218f