CLI command to manage SSH connections with Vault
Usage:
vault-ssh [command]
Available Commands:
certificate Manages certificates for SSH engine.
enable Enables SSH Engine.
help Help about any command
role Manages roles for SSH engine.
sign Signs given public key with SSH engine and role.
version Print the version/build number
Flags:
-h, --help help for vault-ssh
Use "vault-ssh [command] --help" for more information about a command.
- Vault Server
It's a tool to create Signed SSH Certificates with Vault.
- Enable an SSH engine in your Vault.
vault-ssh enable --path my-ssh-signer
- Generate a Certificate CA for the engine.
vault-ssh certificate create --engine my-ssh-signer
- Read the created certificate so you can put it on your server.
vault-ssh certificate get --engine my-ssh-signer
- Create a role for the engine.
vault-ssh role create --name omegion --engine my-ssh-signer
- Sign your public key with a role. The generated file will be written to signed-key.pub in this example.
vault-ssh sign \
--role omegion \
--engine my-ssh-signer \
--public-key ~/.ssh/id_rsa.pub > signed-key.pub
- SSH into your server with the signed key.
ssh -i signed-key.pub -i ~/.ssh/id_rsa root@1.1.1.1
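The steps above leave the server-side half implicit: sshd only accepts the signed key once it trusts the CA through the TrustedUserCAKeys directive in sshd_config. The script below is an added example, not part of vault-ssh. It assumes the output of "vault-ssh certificate get" was saved to a file as a single OpenSSH public key line; the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example. Function names and paths are assumptions, not part of vault-ssh.

# is_ssh_pubkey FILE: true only for exactly one OpenSSH public key line
# ("<type> <base64> [comment]") with no private key material in the file.
is_ssh_pubkey() {
    [ -s "$1" ] || return 1
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    [ "$(grep -c . "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# install_trusted_ca CA_FILE SSHD_CONFIG DEST
# Returns 0 on success, 1 bad input, 2 conflicting directive, 3 Match block present.
install_trusted_ca() {
    ca_file=$1; sshd_config=$2; dest=$3
    is_ssh_pubkey "$ca_file" || { echo "not a single SSH public key: $ca_file" >&2; return 1; }
    [ -f "$sshd_config" ] || { echo "missing config: $sshd_config" >&2; return 1; }

    # Refuse to add a second directive that points somewhere else.
    existing=$(awk 'tolower($1) == "trustedusercakeys" { print $2 }' "$sshd_config")
    if [ -n "$existing" ] && [ "$existing" != "$dest" ]; then
        echo "TrustedUserCAKeys already set to: $existing" >&2
        return 2
    fi
    # A line appended after a Match block would only apply inside that block.
    if [ -z "$existing" ] && grep -Eiq '^[[:space:]]*Match[[:space:]]' "$sshd_config"; then
        echo "config has Match blocks; add the directive above them by hand" >&2
        return 3
    fi

    cp "$ca_file" "$dest" && chmod 644 "$dest" || return 1
    # The leading newline guards against a config file without a final newline.
    [ -n "$existing" ] || printf '\nTrustedUserCAKeys %s\n' "$dest" >> "$sshd_config"
}
```

After a successful run, check the configuration with sshd -t and reload sshd before testing a login with the signed key.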
- 100% test coverage.
- Better coverage for other features.