Security

If you’re doing SSH keys right… they tend to accumulate… Keys unique to various environments or even specific hosts Rotation (new keys generated, old keys deprecated and phased out) They just pile-up and quickly! This leads to eventual sadness: sign_and_send_pubkey: signing failed for ED25519 "key-abc" from agent: agent refused operation Received disconnect from 10.x.x.1 port 22:2: Too many authentication failures I’ve mentioned this problem to ChatGPT from time to time and it has historically hallucinated promising but ultimately disapointingly nonsense “solutions.” ...

…and just like that, we’re live with automated publishing. I commit to git and a CICD pipeline authenticates over OIDC and deploys to an S3 bucket that serves as an origin for CloudFront. The domain is hosted on Route53 using DNS records created and maintained by Terraform. I push… content gets published. What more can you want? I think this is going to work out just fine, indeed!