I'm using puppet to distribute SSH keys, like so:

    ssh_authorized_key { "alice@foo.com":
      ensure => present,
      key    => 'xxxx',
      type   => 'ssh-rsa',
      user   => 'deploy',
    }

The ~/.ssh/authorized_keys file ends up containing a mix of keys from multiple classes, which is the desired result. However, if a key is manually added to $HOME/.ssh/authorized_keys, Puppet will leave it in place. Is there a way to always remove any key that has not been explicitly defined in a manifest?
I have puppet version 2.7.1.
Best Answer
Starting with Puppet 3.6 it is now possible to purge unmanaged SSH authorized keys via the user type. For example,
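
The manifest below is an added illustration, not the answerer's original example: it uses the `purge_ssh_keys` attribute of the `user` type to remove any key in the account's authorized_keys file that has no matching `ssh_authorized_key` resource. The `deploy` account and the `'xxxx'` key placeholder come from the question; the home directory `/home/deploy` is an assumption.

```puppet
# Added example. Assumed: home directory /home/deploy.
# 'xxxx' is the placeholder key from the question, not a real key.

user { 'deploy':
  ensure         => present,
  # Stated explicitly so the file Puppet inspects is unambiguous.
  home           => '/home/deploy',
  # true: inspect .ssh/authorized_keys in the user's home directory and
  # remove every key that is not declared as an ssh_authorized_key
  # resource in the catalog.
  purge_ssh_keys => true,
}

# Keys declared like this, from any class, are kept.
ssh_authorized_key { 'alice@foo.com':
  ensure => present,
  user   => 'deploy',
  type   => 'ssh-rsa',
  key    => 'xxxx',
}

# purge_ssh_keys also accepts an array of paths instead of true. Only the
# listed files are inspected, so if sshd's AuthorizedKeysFile setting names
# additional files, list them here as well or keys placed there survive:
#
#   purge_ssh_keys => ['%h/.ssh/authorized_keys', '%h/.ssh/authorized_keys2'],
```

Running the agent once with `puppet agent --test --noop` shows which keys would be removed before the purge is enforced.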