• I've read the guidelines for Contributing to Roots Projects
• This request isn't a duplicate of an existing request
• This is not a personal support request that should be posted on the Roots Discourse community

Feature request

When re-provisioning a server with a users tag trellis provision --tags users env it does not remove the keys from authorized_keys. It would be nice if it could remove keys.

Working with a team of developers, we've put all the keys of all the team members in the /group_vars/all/users.yml. Removing a key in users.yml and re-provision the server does not remove any keys.

This is something to be aware of, might want to modify the docs with a warning.

Related discourse topic: https://discourse.roots.io/t/re-provisioning-with-tag-users-does-not-removing-ssh-keys-from-authorized-keys/15857