1 thought on “How do I secure a VM?”

  1. Vagrant requires SSH for a lot of its provisioning and post-provisioning tasks. The safest approach would be to use a custom public key with an encrypted private key. Use ssh-agent to decrypt the key before use.

    You have two options for SSH keys and an encrypted volume:

    1. Build a custom box pre-configured with an encrypted drive and secure SSH key.
    2. Build a minimal box. Create your encrypted volume and ssh keys using post-provisioning scripts.

    Option 1 would be faster to bring up each time, but would be more complex to build, and would have a global encrypted disk and SSH key.

    Option 2 would be somewhat more secure. You’d have to design your post-provisioning keys separately.

    Beyond that though, I don’t see a good use case for what you’re asking. Vagrant is not a tool for building public or production machines; it’s a tool for developing and testing code. Security shouldn’t be a high priority for that use case.
