Re-provisioning with tag users does not remove ssh keys from authorized_keys

We are working with a team of developers. For every project, we put all the keys of all the team members in /group_vars/all/users.yml so anyone can access the server by ssh.

Today I was testing what happens if someone leaves us and we want to remove his public key from the existing “authorized_keys” files on the different servers.

I removed one of the keys from /group_vars/all/users.yml and re-provisioned with the users tag (trellis provision --tags users staging). This does not remove any keys; it only adds keys if I add another one in users.yml.

Is this how it’s supposed to work? Am I doing something wrong? Or is this something to be aware of, if you work with co-workers/freelancers.

Curious what you think of it.

Currently this is how it works (and something to be aware of; we might want to modify our docs with a warning), but it would be nice if it could remove keys, too.

Would you mind opening a feature request on the Trellis repo on GitHub?

2 Likes
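Because provisioning only adds keys, a server's authorized_keys file can keep granting access to a key that was removed from users.yml. The following is an added example, not Trellis code and not from either poster: a small audit that compares an authorized_keys file with the keys that should remain and reports the leftovers. The function names and the sample keys (fake, built in the script) are assumptions made for illustration.

```python
import base64


def key_blob(line):
    """Return the base64 key blob from one public-key line, or None."""
    if line.lstrip().startswith("#"):
        return None  # comments, including commented-out keys, grant nothing
    fields = line.split()
    # Options may precede the key, so look for the "<type> <blob>" pair
    # whose blob really starts with that type name (SSH wire format).
    for key_type, blob in zip(fields, fields[1:]):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue
        name_len = int.from_bytes(raw[:4], "big")
        if name_len and raw[4:4 + name_len] == key_type.encode():
            return blob
    return None


def stale_keys(authorized_keys_text, allowed_key_lines):
    """List (line number, line) for keys present but not in the allowed list."""
    allowed = {key_blob(k) for k in allowed_key_lines} - {None}
    return [(n, line.strip())
            for n, line in enumerate(authorized_keys_text.splitlines(), 1)
            if (blob := key_blob(line)) is not None and blob not in allowed]


def _sample_key(key_type, material, comment):
    """Constructed sample: a well-formed but fake public-key line."""
    t = key_type.encode()
    raw = len(t).to_bytes(4, "big") + t + len(material).to_bytes(4, "big") + material
    return f"{key_type} {base64.b64encode(raw).decode()} {comment}"


ALICE = _sample_key("ssh-ed25519", b"A" * 32, "alice@example")
BOB = _sample_key("ssh-ed25519", b"B" * 32, "bob@example")  # left the team
CAROL = _sample_key("ssh-rsa", b"C" * 32, "carol@example")
ALLOWED = [ALICE, CAROL]  # keys still listed in users.yml (constructed values)
AUTHORIZED_KEYS = "\n".join([
    ALICE,
    'command="/usr/bin/true ssh-rsa x",no-pty ' + BOB,
    CAROL.replace("carol@example", "carol-laptop"),
])

if __name__ == "__main__":
    print(stale_keys(AUTHORIZED_KEYS, ALLOWED))
```

Keys are matched on the key blob rather than the whole line, so a changed comment or added options do not hide a match or cause a false report.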