Both Mandos and Vogan support remote configuration files. For example:
include https://webserver.local/mandos.conf
An example configuration file for Mandos is:
mode permit include https://webserver.local/mandos.conf hash "860ab19122c867d95d31d016e7ffdb3ae5082b5d6a1f4ce5fd050c91338e9b6c" deny hash "f1a12ac21ea441cc7a005076dc931a57098f7b302c4cb387b6d217c87e1f62c0" permit directory "/tmp" deny directory "/bin" permit directory "/sbin" permit directory "/usr/bin" permit directory "/usr/sbin" permit
An example configuration file for vogan is:
include https://webserver.local/vogan.conf network_addresses=127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 restricted_groups=root
By having the “include” rule towards the top of the configuration file means it is read first, and the first matching rule applies. If the include file cannot be reached/read, it is skipped and the remaining configuration settings apply.
Mandos and Vogan do not validate the remote “https” server certificate.