We have our infrastructure on amazon ec2. Because we are growing we are setting up a basic Web Server AMI image that we will use to launch new servers as we need them.
The main problem is that when the machine starts, it doesnt launch httpd because it ask for the certificate private key passphrase.
I am considering the option of storing the private key unencrypted (without passphrase). I know if someone gets the key can use it on my behalf, but my question is how can they get the key?
We have a strong password for ssh user and then for root user. The key will only have permissions for root access.
Is there any other way rather than ssh that someone can hack into the server and get the private key?
Do you know or work for some company that actually stores their keys unencrypted?
Thanks a lot