vault-cert-openssh/README.md

30 lines
627 B
Markdown
Raw Normal View History

2019-05-05 20:17:20 +00:00
# Vault Certificate OpenSSH
This script check your current certificate expiration and ask to sign on your vault if needed
## Usage
### Vault
On your vault server you need to follow this documentation: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html
### SSH Wrapper
2019-05-08 13:24:49 +00:00
You need to setup three environment variables:
* VAULT_SSHSIGNPATH
* VAULT_ADDR
* VAULT_TOKEN (if missing read ~/.vault-token file)
2019-05-05 20:17:20 +00:00
Before each SSH connection add this wrapper command:
```bash
python vault-cert-openssh.py ~/.ssh/<your SSH key>-cert.pub
```
# Dev side
Prerequisite:
* Python >=3.7
2019-05-08 13:25:36 +00:00
* hvac
* pipreqs
* Vault