
PoC of how to use Vault to generate SSH signed certificates


marceloalmeida/vault-ldap-ssh


Vault LDAP SSH POC

```sh
# Point the Vault CLI at the PoC server
export VAULT_ADDR='http://192.168.33.22:8200'
export VAULT_TOKEN='mysecrettoken'

# Log in as one of the LDAP test users
vault login -method=ldap username=homer password=password
vault login -method=ldap username=ned password=password
vault login -method=ldap username=ralph password=password

# Sign the public key against a role and save the certificate next to the key
vault write -field=signed_key ssh-client-signer/sign/simpson valid_principals=admins public_key=@"$HOME/.ssh/id_ed25519.pub" | tee "$HOME/.ssh/id_ed25519-cert.pub"
vault write -field=signed_key ssh-client-signer/sign/flanders valid_principals=developers public_key=@"$HOME/.ssh/id_ed25519.pub" | tee "$HOME/.ssh/id_ed25519-cert.pub"

# Inspect the signed certificate (principals, validity, extensions)
ssh-keygen -Lf "$HOME/.ssh/id_ed25519-cert.pub"

# Connect as the principal the certificate was signed for
ssh 192.168.33.23 -l admins -i ~/.ssh/id_ed25519 -i ~/.ssh/id_ed25519-cert.pub
ssh 192.168.33.23 -l developers -i ~/.ssh/id_ed25519 -i ~/.ssh/id_ed25519-cert.pub
```
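
A check that can be run on the `ssh-keygen -L` output from the inspection step before the certificate is used. This is an added example, not part of the repository; the sample certificate text is constructed, and `cert_principals` and `check_cert` are hypothetical helper names.

```shell
# Constructed sample of `ssh-keygen -L` output (not taken from the PoC).
SAMPLE_CERT_TEXT='/home/homer/.ssh/id_ed25519-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com user certificate
        Public key: ED25519-CERT SHA256:CONSTRUCTED-PLACEHOLDER
        Signing CA: RSA SHA256:CONSTRUCTED-PLACEHOLDER (using rsa-sha2-256)
        Key ID: "constructed-key-id"
        Serial: 1
        Valid: from 2024-01-01T10:00:00 to 2024-01-01T10:30:00
        Principals: 
                admins
        Critical Options: (none)
        Extensions: 
                permit-pty'

# Print the principals listed in `ssh-keygen -L` text read from stdin,
# one per line. Prints nothing for "Principals: (none)".
cert_principals() {
  awk '
    /^[ \t]*Principals:/ { in_p = 1; next }
    in_p && /^[ \t]*[A-Za-z ]+:/ { in_p = 0 }   # next section header ends the list
    in_p { gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 != "") print }
  '
}

# Return 0 only if the certificate text on stdin is a user certificate,
# has a bounded validity window, and lists exactly the expected principal.
# Return codes: 1 = not a user cert, 2 = unbounded validity, 3 = principal mismatch.
check_cert() {
  expected=$1
  text=$(cat)
  printf '%s\n' "$text" | grep -q 'Type: .* user certificate' || return 1
  printf '%s\n' "$text" | grep -Eq 'Valid: from .+ to .+' || return 2
  [ "$(printf '%s\n' "$text" | cert_principals)" = "$expected" ] || return 3
}

# Against a real certificate:
#   ssh-keygen -Lf "$HOME/.ssh/id_ed25519-cert.pub" | check_cert admins
if printf '%s\n' "$SAMPLE_CERT_TEXT" | check_cert admins; then
  echo "certificate OK for principal admins"
fi
```
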

Sources

@ToDo

  • Create index pattern on Kibana
  • Wait/Retry CA creation on Vault
