Keyman

This simple little utility allows you to manage the authorized_keys files for a number of servers & users. It is designed to provide easy access to ensure that you can revoke & grant access to appropriate people on multiple servers.

Please Note: this utility is somewhat un-tested and not currently used in any production environment. Your mileage may vary and we recommend testing in a non-production environment prior to use.

Installation

To install, just install the Rubygem.

$ gem install keyman

Once installed, you will need to create yourself a manifest directory. This directory will contain all your configuration for your key manager. You should create an empty directory and add two files, a servers.rb and a users.rb file.

Example Users/Groups Manifest File

The below file is an example of a users.rb manifest file.

group :admins do
  user :adam, 'ssh-rsa AAAAB3NzaC1yc2EAAAA[...]=='
  user :charlie, 'ssh-rsa AAAAB3NzaC1yc2EAAAA[...]=='
  user :nathan, 'ssh-rsa AAAAB3NzaC1yc2EAAAA[...]=='
end

group :staff do
  user :jack, 'ssh-rsa AAAAB3NzaC1yc2EAAAA[...]=='
  user :dan, 'ssh-rsa AAAAB3NzaC1yc2EAAAA[...]=='
end

Example Server Manifest File

The below file is an example of a servers.rb file.

# An example configuration for a server where all admin users have
# access as 'root' and all staff users have access as 'app'.
server do
  host 'app01.myapplication.com'
  user 'root', :admins
  user 'app', :admins, :staff
end

# An example configuration for a server where admins plus one other user
# have access as root only.
server do
  host 'database01.myapplication.com'
  user 'root', :admins, :dan
end

Pushing files to servers

In order to push files to the server, you must already have YOUR key on the machine in order to authenticate. If you do not, you will not have access and will therefore be unable to push configuration.

$ cd path/to/manifest
# to push configuration to all servers
$ keyman push
# to push configuration to a specific server
$ keyman push database01.myapplication.com

There are other commands available within the app, you can view these by viewing the inline help.

$ keyman help