Yann Verry 6f5097ee1d
update pipenv doc
1 year ago
.gitignore Initial commit 3 years ago
LICENSE Create LICENSE 3 years ago
Pipfile Switch from requirements to Pipfile 1 year ago
Pipfile.lock Switch from requirements to Pipfile 1 year ago
README.md update pipenv doc 1 year ago
vault-cert-openssh.py add sealed vault support (quick & dirty) 2 years ago

README.md

Vault Certificate OpenSSH

This script checks the expiration of your current certificate and asks your Vault to sign a new one if needed.

Usage

Vault

On your Vault server, follow this documentation: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html

SSH Wrapper

You need to set up three environment variables:

  • VAULT_SSHSIGNPATH
  • VAULT_ADDR
  • VAULT_TOKEN (if missing, the ~/.vault-token file is read)

Before each SSH connection, run this wrapper command:

python vault-cert-openssh.py ~/.ssh/<your SSH key>-cert.pub
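
The expiry check this README describes can be done by reading the valid_before field directly from the -cert.pub file. The following is an added example, not the code of vault-cert-openssh.py: the function names, the 60-second margin and the sample certificate body are assumptions constructed for illustration, and the field order follows the OpenSSH certificate format (PROTOCOL.certkeys).

```python
import base64
import struct
import time

# Number of length-prefixed public-key fields that follow the nonce, per
# certificate type (OpenSSH PROTOCOL.certkeys).
KEY_FIELDS = {
    "ssh-rsa-cert-v01@openssh.com": 2,              # e, n
    "ssh-dss-cert-v01@openssh.com": 4,              # p, q, g, y
    "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,  # curve, public_key
    "ecdsa-sha2-nistp384-cert-v01@openssh.com": 2,
    "ecdsa-sha2-nistp521-cert-v01@openssh.com": 2,
    "ssh-ed25519-cert-v01@openssh.com": 1,          # pk
}

def _string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:end], end

def cert_valid_before(cert_line):
    """Return the valid_before timestamp (Unix seconds) of a *-cert.pub line."""
    blob = base64.b64decode(cert_line.split()[1])
    kind, off = _string(blob, 0)
    nfields = KEY_FIELDS[kind.decode()]
    for _ in range(1 + nfields):      # nonce + public-key fields
        _, off = _string(blob, off)
    off += 8 + 4                      # serial (uint64), cert type (uint32)
    for _ in range(2):                # key id, valid principals
        _, off = _string(blob, off)
    _valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    return valid_before

def needs_signing(cert_line, now=None, margin=60):
    """True when the certificate is expired or expires within `margin` seconds."""
    now = time.time() if now is None else now
    return cert_valid_before(cert_line) <= now + margin

def _s(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample: unsigned ed25519 certificate body, valid from 1000 to 2000.
_body = (_s(b"ssh-ed25519-cert-v01@openssh.com") + _s(b"\0" * 32) + _s(b"\1" * 32)
         + struct.pack(">QI", 1, 1) + _s(b"demo") + _s(_s(b"alice"))
         + struct.pack(">QQ", 1000, 2000))
SAMPLE = "ssh-ed25519-cert-v01@openssh.com " + base64.b64encode(_body).decode() + " demo"
```

The parser only reads the validity window and does not verify the CA signature; sshd still does that on connection, so this check only decides when to request a fresh certificate.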

Dev side

Prerequisites:

  • Python >=3.7
    • hvac
    • pipenv
  • Vault