[FEATURE] Implement storing ssh keys for users in separate pillar files #224
Description
Is your feature request related to a problem?
In pillar.example there are example how to read keys from state files:
ssh_keys:
# or you can provide path to key on Salt fileserver
privkey: salt://path_to_PRIVATEKEY
pubkey: salt://path_to_PUBLICKEYBut storing private keys in state files is insecure, for example here is recommendation to not do this.
And most of users will follow that example, without understanding the security risks when store private keys as files into state storage.
Also filling long private key text inside yaml is not good solution too, because operating with separate files is much more universal (eg for regenerating, reusing in other scripts).
Describe the solution you'd like
For solve this problem will be good to implement reading contents if ssh keys from file inside pillar structure.
Here is feature request about build-in support for this in SaltStack, so we could use something like this:
ssh_keys:
# or you can provide path to key on Salt fileserver
privkey: pillar://path_to_PRIVATEKEY
pubkey: pillar://path_to_PUBLICKEYbut it is closed with recommendation to use salt.pillar.file_tree, that isn't suitable for current task.
So, is it possible to implement this feature in users-formula itself? Or maybe you can provide some workaround for this?
Describe alternatives you've considered
Some alternatives are provided in issues saltstack/salt#18406, saltstack/salt#3790 and saltstack/salt#1543 but they isn't good.