Find a file
2021-04-03 16:12:37 +02:00
.gitignore Initial commit 2019-05-05 14:56:33 +02:00
LICENSE Create LICENSE 2019-05-08 15:29:34 +02:00
Pipfile Switch from requirements to Pipfile 2021-04-03 16:12:17 +02:00
Pipfile.lock Switch from requirements to Pipfile 2021-04-03 16:12:17 +02:00
README.md update pipenv doc 2021-04-03 16:12:37 +02:00
vault-cert-openssh.py add sealed vault support (quick & dirty) 2020-03-22 18:16:09 +01:00

Vault Certificate OpenSSH

This script check your current certificate expiration and ask to sign on your vault if needed

Usage

Vault

On your vault server you need to follow this documentation: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html

SSH Wrapper

You need to setup three environment variables:

  • VAULT_SSHSIGNPATH
  • VAULT_ADDR
  • VAULT_TOKEN (if missing read ~/.vault-token file)

Before each SSH connection add this wrapper command:

python vault-cert-openssh.py ~/.ssh/<your SSH key>-cert.pub

Dev side

Prerequisite:

  • Python >=3.7
    • hvac
    • pipenv
  • Vault