From ab26ac409b9c93969d3974199547b772d042b82a Mon Sep 17 00:00:00 2001
From: Lazlo Westerhof <l.r.westerhof@uu.nl>
Date: Tue, 19 Nov 2019 09:42:08 +0100
Subject: [PATCH] Add information about insecure keypairs for development
 instances.

---
 .../development/allinone/group_vars/allinone.yml       |  2 ++
 environments/development/full/group_vars/full.yml      |  2 ++
 vagrant/ssh/README.md                                  | 10 ++++++++++
 3 files changed, 14 insertions(+)
 create mode 100644 vagrant/ssh/README.md

diff --git a/environments/development/allinone/group_vars/allinone.yml b/environments/development/allinone/group_vars/allinone.yml
index 3121470e4..56a4804b7 100644
--- a/environments/development/allinone/group_vars/allinone.yml
+++ b/environments/development/allinone/group_vars/allinone.yml
@@ -196,6 +196,8 @@ yoda_public_host: combined.yoda.test   # Yoda public host
 yoda_public_fqdn: public.yoda.test     # Yoda public fully qualified domain name (FQDN)
 
 # Yoda public upload private key (base64 encoded)
+# These keys are the "insecure" public/private keypair we offer for use in development instances.
+# If you use this instance for anything other than development, you should create your own keypair.
 # ssh-keygen -t ed25519 -> base64
 upload_priv_key: |
   LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFB
diff --git a/environments/development/full/group_vars/full.yml b/environments/development/full/group_vars/full.yml
index d6acf2b2b..02abdcd99 100644
--- a/environments/development/full/group_vars/full.yml
+++ b/environments/development/full/group_vars/full.yml
@@ -196,6 +196,8 @@ yoda_public_host: public.yoda.test     # Yoda public host
 yoda_public_fqdn: public.yoda.test     # Yoda public fully qualified domain name (FQDN)
 
 # Yoda public upload private key (base64 encoded)
+# These keys are the "insecure" public/private keypair we offer for use in development instances.
+# If you use this instance for anything other than development, you should create your own keypair.
 # ssh-keygen -t ed25519 -> base64
 upload_priv_key: |
   LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFB
diff --git a/vagrant/ssh/README.md b/vagrant/ssh/README.md
new file mode 100644
index 000000000..c900682a0
--- /dev/null
+++ b/vagrant/ssh/README.md
@@ -0,0 +1,10 @@
+# Insecure Keypair
+
+These keys are the "insecure" public/private keypair we offer to
+[base box creators](https://www.vagrantup.com/docs/boxes/base.html) for use in their base boxes so that
+vagrant installations can automatically SSH into the boxes.
+
+If you're working with a team or company or with a custom box and
+you want more secure SSH, you should create your own keypair
+and configure the private key in the Vagrantfile with
+`config.ssh.private_key_path`