README
¶
Vault Signed SSH Certificate Manager
CLI command to manage SSH connections with Vault
Usage:
vault-ssh [command]
Available Commands:
certificate Manages certificates for SSH engine.
enable Enables SSH Engine.
help Help about any command
role Manages roles for SSH engine.
sign Signs given public key with SSH engine and role.
version Print the version/build number
Flags:
-h, --help help for vault-ssh
Use "vault-ssh [command] --help" for more information about a command.
Requirements
- Vault Server
What does it do?
It's a tool to create Signed SSH Certificates with Vault.
How to use it
- Enable a SSH engine in your Vault.
vault-ssh enable --path my-ssh-signer
- Generate a Certificate CA for the engine.
vault-ssh certificate create --engine my-ssh-signer
- Read created certificate to put on your server.
vault-ssh certificate get --engine my-ssh-signer
- Create a role for the engine.
vault-ssh role create --name omegion --engine my-ssh-signer
- Sign your public key with a role. The generated file will be written in
signed-key.pubin this example.
vault-ssh sign \
--role omegion \
--engine my-ssh-signer \
--public-key ~/.ssh/id_rsa.pub > signed-key.pub
- SSH your server with signed key.
ssh -i signed-key.pub -i ~/.ssh/id_rsa root@1.1.1.1
Improvements to be made
- 100% test coverage.
- Better covering for other features.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
vault/mocks
Package mocks is a generated GoMock package.
|
Package mocks is a generated GoMock package. |
Click to show internal directories.
Click to hide internal directories.