On Mon, Aug 06, 2018 at 05:05:24PM +0000, PICCA Frederic-Emmanuel wrote: > I was using a nitrokey pro + gpg-agent in order to connect via ssh to the > debian infrastructure. > Now that we have salsa, it seems that the way to go is to use salsa token in > order to automake a bunch of tasks.
You can still use SSH to do repository operation. But I don't know what kind of automation you are doing. > So now I need to put somewhere on a disk my salsa token, in fact on every > computer where I want to use this token. > And it means a lot. You talked about automation. Such tasks usualy run on a pre-defined system. So I don't know why you need to have the credentials for this task on many computers. > I would like to have something like the previous setup where all my private > information are stores on the nitrokey. You can always use the encryption key functionality to decrypt the token. > do you know if the salsa api (in fact gitlab api) can be access more securely > than via a token which is copied multiple times everywhere. Yes, you restrict token to the job, so you don't need to copy them around. > and if not how are you dealing with this ? We usualy deal with problems by describing them and not try to fit a already finished solution into the framework; this is described as XY problem[1]. Bastian [1]: https://en.wikipedia.org/wiki/XY_problem -- It would seem that evil retreats when forcibly confronted. -- Yarnek of Excalbia, "The Savage Curtain", stardate 5906.5