/vault-cert-openssh

Sign openssh certificate with vault

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

Vault Certificate OpenSSH

This script check your current certificate expiration and ask to sign on your vault if needed

Usage

Vault

On your vault server you need to follow this documentation: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html

SSH Wrapper

You need to setup three environment variables:

  • VAULT_SSHSIGNPATH
  • VAULT_ADDR
  • VAULT_TOKEN (if missing read ~/.vault-token file)

Before each SSH connection add this wrapper command:

python vault-cert-openssh.py ~/.ssh/<your SSH key>-cert.pub

Dev side

Prerequisite:

  • Python >=3.7
    • hvac
    • pipenv
  • Vault