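#!/usr/bin/env bash
# Start-up script for an sshd that takes part in a Vault-backed SSH CA setup:
#   1. generate an RSA host key pair under /ssh,
#   2. download the user-CA public key from Vault's user-ssh mount,
#   3. ask Vault's host-ssh mount to sign the host public key,
#   4. run sshd in the foreground with /ssh/sshd_config.
#
# -e / -u / pipefail: stop at the first failed step, so sshd is never started
# with a missing or bogus CA key or host certificate. Without pipefail a failed
# curl in "curl | jq" would go unnoticed. -x: trace commands to stderr.
set -euxo pipefail

readonly host_key_file="/ssh/ssh_host_rsa_key"
# NOTE(review): the page this script was taken from shows only "/ssh/" for the
# two output paths below; the file names did not survive. The values here are
# labelled placeholders. Set them to the files that /ssh/sshd_config refers to
# (presumably its TrustedUserCAKeys and HostCertificate entries; confirm).
readonly user_ca_file="/ssh/REPLACE_ME_user_ca_public_key"
readonly host_cert_file="/ssh/REPLACE_ME_host_certificate"

# Passphrase-less 4096-bit RSA host key; ssh-keygen writes the public half to
# "${host_key_file}.pub".
ssh-keygen -q -N "" -t rsa -b 4096 -f "${host_key_file}"

# --fail makes curl exit non-zero on an HTTP error instead of saving the error
# body as the trusted CA key; --show-error keeps the reason visible despite
# --silent.
# NOTE(review): this download is plain HTTP and unauthenticated, so whoever
# answers for vault:8200 decides which CA this sshd trusts for user logins.
# Outside a lab, fetch it over TLS with a verified server certificate or
# provision the CA key out of band.
# snippet:download_user_ssh_public_key
curl --silent --show-error --fail \
  http://vault:8200/v1/user-ssh/public_key > "${user_ca_file}"
chmod 0640 "${user_ca_file}"
# /snippet:download_user_ssh_public_key
# An empty CA file would leave certificate logins silently unusable.
[[ -s "${user_ca_file}" ]] || {
  printf 'user CA public key download produced an empty file: %s\n' \
    "${user_ca_file}" >&2
  exit 1
}

# Read the key in its own assignment so a read failure aborts the script, and
# let jq build the request body so the key text is JSON-escaped rather than
# spliced into a hand-written string.
host_pubkey=$(<"${host_key_file}.pub")
sign_request=$(jq -n --arg public_key "${host_pubkey}" \
  '{cert_type: "host", public_key: $public_key}')

# The signing request carries the Vault token, so tracing is switched off
# around it to keep the token out of stderr/log output.
# NOTE(review): "root-token" is a hard-coded Vault root token and is still
# visible in the curl argument list. Outside a demo, inject a short-lived token
# whose policy allows only host-ssh/sign/host-ssh.
set +x
# jq -e exits non-zero when .data.signed_key is null or absent, so an error
# response never ends up on disk as the literal text "null".
signed_key=$(
  curl --silent --show-error --fail \
    --header "X-Vault-Token: root-token" \
    --request POST \
    --data "${sign_request}" \
    http://vault:8200/v1/host-ssh/sign/host-ssh |
    jq -er '.data.signed_key'
)
set -x

printf '%s\n' "${signed_key}" > "${host_cert_file}"
chmod 0640 "${host_cert_file}"

# -D: do not detach; -e: log to stderr instead of syslog; -f: config file.
/usr/sbin/sshd -e -D -f /ssh/sshd_config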
