Some background for the uninvited Two Factor Authentication (2FA) and it’s more serious cousing Multi-Factor Authentication (MFA) is a way of protecting your access in more than one way. In the traditional world, it means that only you have access to your credit card and its four digit PIN, only you know which bicycle or home is yours and carry the key to the lock, that only you carry your ID or password and look sufficiently like the person on the photo1.

One chicken-and-egg-problem with setting up servers is taking care of secrets. Secrets are hard, and they’re especially hard to keep secret. When working with systems management, you really want to keep your secrets secret, but you also want to share them with your peers. In essence, this is a conflict of interests and a hard problem to solve in a truly usable manner. But it’s not impossible. Lately, i’ve been re-introducing myself to Ansible because it’s a way to efficiently communicate intent between peers.