Palo Alto NGFW initiation creates an SSH keypair and writes it to the local provisioning system's disk in plaintext, instructing the deployer to copy the keypair onwards to the bastion for further use. This presents unnecessary credential exposure risk.
To make access to the keypair auditable and narrowly scoped, the keypair should be stored in Secret Manager with tightly scoped access, ideally granted only to the bastion host's service account. Instructions should be updated to pull the keypair from Secret Manager rather than copying it from the provisioning system's disk.
While OS Login is not available for IL4/IL5 today, it should be the preferred authentication mechanism where possible, to avoid proliferation of long-lived plaintext credentials like SSH keypairs.
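The following Terraform fragment is an added illustration of the recommended pattern and is not part of the original finding or of the Palo Alto deployment scripts. It generates the keypair in-band, writes the private key to a Secret Manager secret, and binds `roles/secretmanager.secretAccessor` on that single secret to the bastion's service account. The project ID, secret ID and service account name are placeholders, and the `replication { auto {} }` block assumes google provider 5.x syntax.

```hcl
# Added example, not from the deployment's own code.
# Project, secret ID and service account values are placeholders.

variable "project_id" {
  description = "Placeholder: project hosting the NGFW deployment"
  type        = string
}

variable "bastion_service_account" {
  description = "Placeholder: service account the bastion VM runs as"
  type        = string
  default     = "bastion-sa@PROJECT_ID_PLACEHOLDER.iam.gserviceaccount.com"
}

# Keypair is generated here instead of being written in plaintext to the
# provisioning host's disk. The private key will reside in Terraform state,
# so the state backend needs protection equivalent to the secret itself.
resource "tls_private_key" "ngfw_ssh" {
  algorithm = "ED25519"
}

resource "google_secret_manager_secret" "ngfw_ssh_private_key" {
  project   = var.project_id
  secret_id = "ngfw-bastion-ssh-private-key"

  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "ngfw_ssh_private_key" {
  secret      = google_secret_manager_secret.ngfw_ssh_private_key.id
  secret_data = tls_private_key.ngfw_ssh.private_key_openssh
}

# Tight scope: the binding is on this one secret, not on the project, and the
# role only permits reading the payload (secretAccessor), not managing the secret.
resource "google_secret_manager_secret_iam_member" "bastion_reader" {
  project   = var.project_id
  secret_id = google_secret_manager_secret.ngfw_ssh_private_key.secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${var.bastion_service_account}"
}

# The public key is not sensitive and can be handed to the NGFW bootstrap as before.
output "ngfw_ssh_public_key" {
  value = tls_private_key.ngfw_ssh.public_key_openssh
}
```

On the bastion, the updated instructions would then fetch the key with `gcloud secrets versions access latest --secret=ngfw-bastion-ssh-private-key --project=<project>` (using the VM's attached service account, so no credential file is copied) and write it with mode 0600 only where needed. Every read of the secret is recorded in Cloud Audit Logs for Secret Manager data access, which is the auditability the finding asks for; the deployer's workstation never holds the private key.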