Yann Verry 53902ba24e
Merge pull request #1 from yverry/dependabot/pip/cryptography-3.2
Bump cryptography from 2.6.1 to 3.2
2020-10-27 22:44:07 +01:00
.gitignore Initial commit 2019-05-05 14:56:33 +02:00
LICENSE Create LICENSE 2019-05-08 15:29:34 +02:00
README.md typo md 2019-05-08 15:25:36 +02:00
requirements.txt Bump cryptography from 2.6.1 to 3.2 2020-10-27 21:42:35 +00:00
vault-cert-openssh.py add sealed vault support (quick & dirty) 2020-03-22 18:16:09 +01:00

Vault Certificate OpenSSH

This script checks the expiration of your current certificate and asks your Vault to sign it if needed.

Usage

Vault

On your vault server you need to follow this documentation: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html

SSH Wrapper

You need to set up three environment variables:

  • VAULT_SSHSIGNPATH
  • VAULT_ADDR
  • VAULT_TOKEN (if missing, the ~/.vault-token file is read)

Before each SSH connection add this wrapper command:

python vault-cert-openssh.py ~/.ssh/<your SSH key>-cert.pub

Dev side

Prerequisite:

  • Python >=3.7
    • hvac
    • pipreqs
  • Vault