Synchronizing Key Server (SKS) Puppet module

Jeremy T. Bouse



8,578 latest version

3.8 quality score

Version information

  • 0.1.5 (latest)
  • 0.1.4
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Apr 30th 2014

Start using this module

Tags: ubuntu, debian, sks


jbouse/sks — version 0.1.5 Apr 30th 2014

Build Status

####Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with sks
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module


SKS is an OpenPGP key server that correctly handles all OpenPGP features defined in RFC2440 and RFC2440bis, including photoID packages and multiple subkeys.

##Module Description

If applicable, this section should have a brief description of the technology the module integrates with and what that integration enables. This section should answer the questions: "What does this module do?" and "Why would I use it?"

If your module has a range of functionality (installation, configuration, management, etc.) this is the time to mention it.


###What sks affects

Manages the following files for you:

  • /etc/sks/sksconf
  • /etc/sks/membership

###Setup Requirements

The module does not handle retrieving the initial keydump to seed the key server. This will have to be done manually and then enable the server to boot by modifying the /etc/default/sks to allow the init script to start the server daemon.

If you want to join the SKS network you'll need to put your key server behind a reverse proxy. Many key servers run behind nginx or Apache. You can accomplish this easily with existing Forge modules.

###Beginning with sks

It is highly recommended that you read the SKS Wiki to better understand the key server if you are unfamiliar.


The SKS module is designed to work with minimum configuration needed following best practices from other SKS operators.

  class { 'sks': }

This will confiugre the server and is recommended to start out a new server. Once you've imported your keydump and have your server up and ready for peering you will need to begin adding peers. If you're using Hiera this is as simple as:

  - hostname:
    admin: Jeremy T. Bouse
    keyid: '0xD01E190C'

This can also be accomplished without Hiera as:

  class { 'sks':
    members => [{
      hostname => '',
      admin    => 'Jeremy T. Bouse',
      email    => '',
      keyid    => '0xD01E190C',


Here, list the classes, types, providers, facts, etc contained in your module. This section should include all of the under-the-hood workings of your module so people know what the module is touching on their system but don't need to mess with things. (We are working on automating this section!)


While OS packaging has been made available for both RPM and DEB based systems, the module has only been actually tested on Debian/Ubuntu based systems.


If you want to contribute feel free to fork the repository and submit a pull request for inclusion.