Skip to content

Instantly share code, notes, and snippets.

Avatar

Marc Chua marcchua

View GitHub Profile
@marcchua
marcchua / Vault-ssh-ca-README.md
Created Mar 5, 2021 — forked from kawsark/Vault-ssh-ca-README.md
A guide for configuring Vault's SSH-CA
View Vault-ssh-ca-README.md

SSH CA use-case with Vault

In this scenario we are going to set up Vault to sign SSH keys using an internal CA. We will configure the SSH secrets engine and create a CA within Vault. We will then configure an SSH server to trust the CA key we just created. Finally we will attempt to SSH using a private key, and a public key signed by Vault SSH CA.

Prerequisites

  • This guide assumes you have already provisioned a Vault server, SSH host using OpenSSH server, and a SSH client machine.
  • The client system must be able to reach the Vault server and the OpenSSH server.
  • We will refer to these systems respectively as:
    • VAULT_SERVER
View keybase.md

Keybase proof

I hereby claim:

  • I am marcchua on github.
  • I am mchua (https://keybase.io/mchua) on keybase.
  • I have a public key ASCPvgDNqn3swO6eC7PPpDnsEt-v_x9NCQyHn4CYHlFJ3Qo

To claim this, I am signing this object: