Best practice to manage private SSH keys
I am wondering how I should manage my private keys of hosts/users.
My setup: Infra is managed using a puppet control repo with roles/profiles and r10k. I have a puppet master + puppetdb, foreman as dns, dhcp, pxe and external node classifier. I use https://github.com/ghoneycutt/puppet-... to manage ssh/sshd. The hosts' public keys are exported to puppet db and collected so /etc/ssh/ssh_known_hosts is set with all known public keys.
Now what I am missing is: Managing private ssh keys of hosts and users. So I can rsync, git clone, ... via ssh between servers.
I am thinking of: Manually creating ssh keys with ssh-keygen for users/servers, putting these files into my puppet control repo and managing these files with puppet. Setting up hiera-eyaml with gpg to encrypt these files.
Is this a sound approach? Am looking forward to hearing how you solve this :) Thanks a lot!
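
Added example, not part of the original post: a check that could run in CI or as a pre-commit hook on the control repo described above, flagging any file that still holds a private key in cleartext instead of as a hiera-eyaml `ENC[GPG,...]` value. The hiera key names, file paths and sample repo contents are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# PEM headers for private keys: OpenSSH format (ssh-keygen default) plus the
# older RSA/EC/DSA and PKCS#8 forms. Passphrase-protected keys are flagged too.
PRIVATE_KEY_RE = re.compile(
    rb"-----BEGIN (?:OPENSSH |RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY-----")

def scan_repo(root):
    """Return sorted relative paths of files under root holding a PEM private key."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or ".git" in rel.parts:
            continue  # skip directories and git's own object store
        if PRIVATE_KEY_RE.search(path.read_bytes()):
            hits.append(rel.as_posix())
    return sorted(hits)

def build_sample_repo(root):
    """Constructed sample repo: one encrypted value, one raw key file, one inline key."""
    root = Path(root)
    fake_key = ("-----BEGIN OPENSSH PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                "-----END OPENSSH PRIVATE KEY-----")  # constructed, not a real key
    files = {
        # hypothetical hiera key; value already encrypted by hiera-eyaml with gpg
        "data/nodes/web01.eyaml":
            "profile::ssh::host_key: ENC[GPG,Q09OU1RSVUNURURfQ0lQSEVSVEVYVA==]\n",
        # raw key file committed next to a profile
        "site/profile/files/id_ed25519": fake_key + "\n",
        # key pasted in cleartext into a YAML block scalar
        "data/common.yaml":
            "profile::ssh::deploy_key: |\n  " + fake_key.replace("\n", "\n  ") + "\n",
        # public keys are fine to keep in the repo
        "site/profile/files/id_ed25519.pub":
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 constructed@example\n",
    }
    for name, body in files.items():
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

def demo():
    """Build the sample repo in a temp dir and return the flagged paths."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        return scan_repo(tmp)

if __name__ == "__main__":
    for hit in demo():
        print("cleartext private key:", hit)
```
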