The monkeysphere puppet module is designed to help you manage your servers and users using the monkeysphere[0]. To install the monkeypshere module, storeconfigs should be enabled in your puppet server to use certain features. See: http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration#Configuring+basic+storeconfigs Example usage for server setup: # Assuming you are using the sshd puppet module... $sshd_authorized_keys_file = "/var/lib/monkeysphere/authorized_keys/%u" include sshd # Optionally, indicate your preferred keyserver. You can specify a server # under your control and not accessible to the public or # pool.sks-keyservers.net if you want to publish to the public pool. The # value you specify here will be used for all monkeysphere and gpg commands $monkeysphere_keyserver = "zimmermann.mayfirst.org" include monkeysphere # Ensure the server's ssh key is imported into your monkeysphere key ring monkeysphere::import_key { "main": } # Optionally publish the server key to a keyserver (as indicated above) monkeysphere::publish_server_keys { "main": } # Optionally email the server key to your self monkeysphere::email_server_keys { "we@ourdomain.org": } # Be sure to sign the server's key! # Indiciate the fingerprint of the gpg key that should be used # to verify user ids. You can repeat this for as many certifiers # as you need monkeysphere::add_id_certifier { "jamie": keyid => "1CB57C59F2F42470238F53ABBB0B7EE15F2E4935" } # Indicate who should have root access on the server monkeysphere::authorized_user_ids { "root": user_ids => [ "sarah " , "jose "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" } A host can be configured as a host you would use to sign the gpg keys by placing: include monkeysphere::signer into the node definition. ON this host, a file will be placed in /var/lib/puppet/modules/monkeysphere/hosts for each host configured as a sshserver. Each file will contin the gpg id, the gpg fingerprint, and the ssh fingerprint of the sshserver. 0. http://monkeysphere.info/