From 8db145eba76627b7c1e6987989ca16dfbf0eced5 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Tue, 4 Aug 2020 17:21:23 +0200
Subject: [PATCH] Document how to generate 2FA keys/certs

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
---
 generate_2fa_keys.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 generate_2fa_keys.md

diff --git a/generate_2fa_keys.md b/generate_2fa_keys.md
new file mode 100644
index 0000000..b1dd672
--- /dev/null
+++ b/generate_2fa_keys.md
@@ -0,0 +1,25 @@
+# How to generate 2 Factor Authentication key and certificate
+
+Doing this requires membership in sysadmin-main FAS group.
+
+All the following commands should be ran on one of batcave hosts.
+
+Clone `ansible-private` repo:
+
+    git clone /srv/git/ansible-private
+
+Change into `files/vpn` subdirectory in cloned repo:
+
+    cd ansible-private/files/2fa-certs
+
+The process is described in the README but is basically:
+
+    . ./vars; ./build-and-sign-key <hostname>
+
+Add generated files to git index, commit, push:
+
+    git status
+    git add .
+    git commit -a -m "Add 2 FA key/cert for <hostname>"
+    git show
+    git push