I hereby claim:
- I am jeffreyalles on github.
- I am jeffreyalles (https://keybase.io/jeffreyalles) on keybase.
- I have a public key whose fingerprint is 2BFA 7400 7AA3 F2D9 D45F 44BD 3337 5D0C ABA6 5660
To claim this, I am signing this object:
The aim of this quick documentation is to explain how to deploy and configure HashiCorp Vault and Ansible Tower to set up an SSH certificate authority (ssh-ca) and secure your environment.

- First Step : Installing Vault

To do that, you can use a shell script that I built to deploy a single-node Vault server:
https://github.com/nehrman/hashicorp-solutions-scripts/blob/master/vault_single_server.sh
- Second Step : Configure Vault for ssh-ca

# 1. (Optional) Disable the SSH and Key/Value secrets engines if they already exist.
# NOTE: THIS WILL ERASE PREVIOUSLY CONFIGURED ENGINES AT THIS PATH
export VAULT_TOKEN=<Admin-or-Root-key>
vault secrets disable ssh
vault secrets disable kv
# 2. Enable the SSH secrets engine (client signer role) and generate a CA key pair.
#    The CA public key is saved to a file so it can be distributed to the SSH servers
#    that should trust certificates signed by this CA.
vault secrets enable -path=ssh ssh
vault write -format=json ssh/config/ca generate_signing_key=true | jq -r '.data.public_key' > ./trusted-user-ca-keys.pem

# Set the authentication details (Microsoft Graph, client-credentials flow)
$tenantID = "tenant.onmicrosoft.com" # your tenant ID or tenant root domain
$appID = "12345678-1234-1234-1234-1234567890AB" # the GUID of your app. For best results, use an app with the Policy.Read.All and Policy.ReadWrite.ConditionalAccess scopes granted
$client_secret = "XXXXXXXXXXXXXXXxxxx" # client secret for the app
$body = @{
    client_id     = $appID
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $client_secret
    grant_type    = "client_credentials"
}
# Request an access token from the tenant's v2.0 token endpoint
$tokenResponse = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Body $body
$accessToken = $tokenResponse.access_token
server {
    listen 80; ## listen for ipv4; this line is default and implied
    root /var/virtual/www;
    index index.php;
    server_name example.com;
    charset utf-8;
    access_log off;
    location / {
    }
}