yann/vault-cert-openssh
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
19 commits 1 branch 0 tags 51 KiB
Python 100%
Find a file
Yann Verry 6f5097ee1d
update pipenv doc
2021-04-03 16:12:37 +02:00
.gitignore Initial commit 2019-05-05 14:56:33 +02:00
LICENSE Create LICENSE 2019-05-08 15:29:34 +02:00
Pipfile Switch from requirements to Pipfile 2021-04-03 16:12:17 +02:00
Pipfile.lock Switch from requirements to Pipfile 2021-04-03 16:12:17 +02:00
README.md update pipenv doc 2021-04-03 16:12:37 +02:00
vault-cert-openssh.py add sealed vault support (quick & dirty) 2020-03-22 18:16:09 +01:00

README.md

Vault Certificate OpenSSH

This script check your current certificate expiration and ask to sign on your vault if needed

Usage

Vault

On your vault server you need to follow this documentation: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html

SSH Wrapper

You need to setup three environment variables:

  • VAULT_SSHSIGNPATH
  • VAULT_ADDR
  • VAULT_TOKEN (if missing read ~/.vault-token file)

Before each SSH connection add this wrapper command:

python vault-cert-openssh.py ~/.ssh/<your SSH key>-cert.pub

Dev side

Prerequisite:

  • Python >=3.7
    • hvac
    • pipenv
  • Vault