We've been exploring how to securely distribute sensitive information to Cagelab instances.
Examples of such data include:
- Netbird key
- SSH public key (secure, but inconvenient to manage via GitHub)

Proposed Approach: Two-Step Setup
1. bootstrap.sh
   Runs inside the target Cagelab instance, preparing the environment:
   - Install Netbird
   - Install SSH server
   - Perform basic setup
2. post-bootstrap script
   Runs on a separate machine (e.g., an office workstation).
   The user manually provides sensitive information here, such as:
   - Netbird key
   - Updated SSH public keys

Sequence (Two-Step)
sequenceDiagram
participant Workstation as Workstation (Office PC)
participant Cagelab as Cagelab Instance
Cagelab->>Cagelab: Run bootstrap.sh
Note over Cagelab: Basic setup completed
Workstation->>Cagelab: Run post-bootstrap script provides Netbird key && etc..
Note over Cagelab: Sensitive data configured

Further Simplification
Windows (SSH disabled by default): must follow the two-step process above.
Linux (SSH enabled by default): can often be simplified into one step, enabling full remote configuration.
In the Linux case, the control server directly calls bootstrap.sh and provides sensitive information as parameters.
This eliminates the need for a separate post-bootstrap step.

Sequence (One-Step, Linux)
sequenceDiagram
participant Control as Control Server
participant Cagelab as Cagelab Instance (Linux)
Control->>Cagelab: Invoke bootstrap.sh with parameters (Netbird key, SSH public keys, etc.)
Note over Cagelab: bootstrap.sh
Note over Cagelab: Applies sensitive data

Comparison

| System Type | Approach | Notes |
| --- | --- | --- |
| Windows | Two steps: run bootstrap.sh (basic setup), then post-bootstrap (inject sensitive info) | Separation required since the instance cannot initially receive sensitive data directly |
| Linux | One step: control server directly invokes bootstrap.sh with sensitive parameters | Enables complete remote configuration without a separate step |
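
For the one-step Linux flow above, values passed as command-line parameters can be read by other local users through the process list, so the sketch below has bootstrap.sh take them on stdin instead. It is an added example, not part of the original issue or the Cagelab scripts; the KEY=VALUE input format, the field names and the function names are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical bootstrap.sh fragment, not the project's script).
# Secrets arrive on stdin as KEY=VALUE lines instead of command-line parameters,
# e.g. from the control server:  ssh admin@cagelab ./bootstrap.sh < secrets.env
# (host name and secrets.env are placeholders).

# Parse stdin into NETBIRD_SETUP_KEY and SSH_PUBKEYS (one key per line).
read_secrets() {
  NETBIRD_SETUP_KEY=""
  SSH_PUBKEYS=""
  while IFS= read -r line; do
    name=${line%%=*}
    value=${line#*=}          # keeps any '=' padding inside the value
    case "$name" in
      ''|'#'*) ;;             # blank line or comment
      NETBIRD_SETUP_KEY) NETBIRD_SETUP_KEY=$value ;;
      SSH_PUBKEY) SSH_PUBKEYS="${SSH_PUBKEYS}${value}
" ;;
      *) echo "unrecognised input line" >&2; return 1 ;;  # never echo content
    esac
  done
  [ -n "$NETBIRD_SETUP_KEY" ] || { echo "missing NETBIRD_SETUP_KEY" >&2; return 1; }
}

# Append validated public keys to <home>/.ssh/authorized_keys (idempotent).
install_ssh_keys() {
  home=$1
  file="$home/.ssh/authorized_keys"
  re='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
  ( umask 077; mkdir -p "$home/.ssh"; touch "$file" )
  chmod 700 "$home/.ssh"
  chmod 600 "$file"
  while IFS= read -r key; do
    [ -n "$key" ] || continue
    # Reject anything that is not "<type> <base64> [comment]", including
    # lines that try to prepend authorized_keys options.
    printf '%s\n' "$key" | grep -Eq "$re" || { echo "rejected malformed key" >&2; return 1; }
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
  done <<EOF
$SSH_PUBKEYS
EOF
}
```

Feed `read_secrets` with a redirect or here-document rather than a pipe, so the parsed variables stay in the calling shell.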