From 1dfef1130362b7c45c32f64fc7fe9b565743dd07 Mon Sep 17 00:00:00 2001
From: Konstantin Nikolaev
Date: Wed, 14 Feb 2018 13:08:09 +0700
Subject: [PATCH 1/2] Support "salt://path_to_keyname" ssh_key definition in users."user name".ssh_keys."privkey|pubkey" pillar data
---
 users/init.sls | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/users/init.sls b/users/init.sls
index 0206ba3..8297317 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -194,7 +194,12 @@ users_{{ name }}_{{ key_name }}_key:
 - mode: 600
 {% endif %}
 - show_diff: False
+ {%- set key_value = salt['pillar.get']('users:'+name+':ssh_keys:'+_key) %}
+ {%- if 'salt://' in key_value[:7] %}
+ - source: {{ key_value }}
+ {%- else %}
 - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}
+ {%- endif %}
 - require:
 - user: users_{{ name }}_user
 {% for group in user.get('groups', []) %}
From 1c8e6c7c30d2815a12bf870c675b78f535fd791c Mon Sep 17 00:00:00 2001
From: Konstantin Nikolaev
Date: Wed, 14 Feb 2018 13:12:58 +0700
Subject: [PATCH 2/2] Fix docs
---
 pillar.example | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pillar.example b/pillar.example
index df81335..f3b20b9 100644
--- a/pillar.example
+++ b/pillar.example
@@ -57,6 +57,9 @@ users:
 ssh_keys:
 privkey: PRIVATEKEY
 pubkey: PUBLICKEY
+ # or you can provide path to key on Salt fileserver
+ privkey: salt://path_to_PRIVATEKEY
+ pubkey: salt://path_to_PUBLICKEY
 # you can provide multiple keys, the keyname is taken as filename
 # make sure your public keys suffix is .pub
 foobar: PRIVATEKEY
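Review bot: The new `- source: {{ key_value }}` branch in users/init.sls lets a private key be served from `salt://`, and by default files under the fileserver roots can be fetched by any minion with an accepted key, whereas the `contents_pillar` branch keeps the key in pillar data that is targeted per minion. The state should say so in a comment, e.g. `{#- salt:// files are readable by every accepted minion; prefer pillar for privkey #}`, and the pillar.example lines added in PATCH 2/2 would benefit from the same caveat. The prefix test `'salt://' in key_value[:7]` also assumes the pillar value is a string; `{%- if key_value is string and key_value.startswith('salt://') %}` states the intent directly and does not fail on a non-string value. The `users_{{ name }}_{{ key_name }}_key` state starts above the hunk and continues below it, so its remaining file.managed arguments are not visible here.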