Resolution: Won't Fix
Affects Version/s: PUP 4.2.1
Fix Version/s: None
There are numerous reasons to acquire a key from a Puppet server, including:
1. To create a code deployment key for invalidating the environment cache
2. To create per-user keys used for MCollective authentication
...etc. Manually generating the key on the server and then copying the private key across the network to the node is not ideal for many reasons. In some situations the client would rather not have someone else possess their private key for any reason. The connect/authorize model works very well for this.
The old process was:
At this point you'd have a private key and a certificate signed by the Puppet CA without anyone else ever having a copy of the private key.
Removal of the no-client mode makes this process much more difficult/annoying. Is there another way to accomplish this request that I am unaware of?
If not, would you consider re-enabling this option or adding a feature to puppet cert to submit key requests to remote servers and then to retrieve the results?