Followup to #60
Below is a direct copy from #60...
While we should have one key "shared", I belive we should think about it being a "fallback" and build a mechanism to distribute keys.
Long term we should:
- Have an "ultimate" fallback key, which is well kept (and out of reach from most, potentially similar to the gpg keys)
- Have a key for automation tasks (not shared with people)
- Have a mechanism and process with which we allow new keys and distribute them
- Have a mechanism to revoke keys easily (if someone leaves)
- Document the usage of "non-user" keys (such as automation) and prepare for quickly exchanging them, if someone leaves or a machine may be compromised
For now (with only 2 of us we may run a "light" variant of it), but we should strive to achive this.
Another option may be to use ssh certificates instead of keys, since certificates can be revoked (or short lived) and limited to usernames and permissable binaries.
This still holds mostly true, but due to the Codeberg infrastructure requiring hardware based ssh keys, for now at least, the fallback key is not really an option (unless we start using something along the lines of the mooltipass and send key cards by snail mail and put up the database in the secrets repo)