It's pretty easy for us to rotate keys now, since new WireGuard peers are extrem... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on Feb 9, 2022 \| parent \| context \| favorite \| on: Our User-Mode WireGuard Year It's pretty easy for us to rotate keys now, since new WireGuard peers are extremely cheap to bring up (part of the point of the post is that for most of the last year, that was the opposite of the case, and a new peer was a very painful thing to ask for). But rotating WireGuard keys with Fly.io makes about as much sense as rotating the OAuth2 API token `flyctl` uses (the token is strictly more powerful than the WireGuard key), and people generally don't do that.

ignoramous on Feb 10, 2022 [–]

Please write a bit about the secrets-infrastructure at fly.io! The cert store, the token store, the trade-offs, the protections around it (though, I'm sure we will judge you for it, especially if it isn't "secure enough" for any made up definition of "secure").

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact