how does one manage secrets and remote plays? when we only had linux to deal with, no big deal to ssh -A to a control node, tmux, and have no secrets stored there at all.
but now, we have to deal with windows, which doesnt speak ssh. of course we can keep a vault remotely, and copy paste the passphrase over the ssh connection, or just run from your laptop and hope the connections stay up. is there a better way? what do the remote windows admins around here do?
That’s pretty much all you can do today- WinRM doesn’t support any useful agent/key-based auth (WinRM certificate auth is nearly useless). It’d be cool if Microsoft could implement something akin to smartcard auth for RDP (which works transparently across remote connections like an ssh agent), but alas, nothing there yet. Microsoft’s OpenSSH build has apparently recently added support for key-based auth for both local and domain users, but getting Windows module support working over SSH isn’t even on the roadmap yet.
-Matt