Should one be concerned about public keys being copied to wrong servers accidentally?
I am currently automating the setup of a web server with Ansible. My two team mates should be able to run the Ansible playbook as well. Therefore, their public keys need to be added to the authorized_keys of the user that will execute the Ansible tasks on the target host.
Ansible has even built-in support for this with the ansible.posix.authorized_keys module.
However, I've one concern: What if those keys are accidentally copied to an unrelated server? In this case, my team mates would gain access to a machine they should not have access to.
I can easily imagine scenarios where this would be the case.
For example: What if the repository (with the Ansible playbook and the public keys) gets copied over to a new project as a starting point? You might forget removing the public keys from the new project and accidentally run the playbook. Then, those public keys would "silently" be added to the new host, thereby permitting access for unauthorized persons to the respective host.
Should I be concerned? Is it even a common cause of security incidents? If yes, how to deal with that?
I came up with these the two options until now:
- Ignore the public keys in git. Still, the repo could be copied locally. But it's less likely than the case of the repo being cloned from a central git server.
- Require the keys to be transferred to the server manually. This degrades automation a bit, but is possibly negligible in our situation with a team of three.
