cookbook 'vaultssh_bootstrap', '= 1.0.0'
Sets up Vault SSH public key
cookbook 'vaultssh_bootstrap', '= 1.0.0', :supermarket
knife supermarket install vaultssh_bootstrap
knife supermarket download vaultssh_bootstrap
vaultssh_bootstrap
This cookbook installs the certificate-signing public key on a server so that the server can start using the HashiCorp Vault SSH secrets engine (signed SSH certificates). For more details, see https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html
Pre-reqs
You must have a Vault server provisioned, configured and unsealed.
You also need to configure Vault with the CA for signing client keys. See Steps 1 and 2 here: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html
Once this is done, the client signer public key is accessible via the API at the /public_key endpoint.
Usage
To use this resource from a cookbook, add the following depends statement to the metadata.rb file:
```ruby
depends 'vaultssh_bootstrap', '~>1.0.0'
```
The resource can be used in a recipe as follows:
```ruby
vault_ssh 'bootstrap_server' do
  vault_url 'https://myvaultserver.com'
  ca_key_name 'my-public-ca-key'
  vault_ssh_path 'ssh-client-signer'
end
```
The properties are described below:
vault_url - The address of your Vault server, for example https://myvaultserver.com
ca_key_name - The name of the public key to use for client signing. The public key will be retrieved from Vault and saved to /etc/ssh/<ca_key_name>.pub
vault_ssh_path - The path the SSH secrets engine is mounted at in Vault. By default this is ssh, but it can be overridden when the secrets engine is enabled.
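The key fetched from /public_key becomes the trust anchor for SSH certificate logins on the host, so it is worth validating before it is written. The following is an added example, not the cookbook's own code: it builds the endpoint URL from the same three properties, accepts only a single well-formed OpenSSH public key, and writes the file only if its SHA256 fingerprint (the format `ssh-keygen -l` prints) matches a pinned value. The helper names, the `expected_fp` pin and the sample key are assumptions made for illustration.

```ruby
require 'base64'
require 'digest'
require 'net/http'
require 'uri'

# URL of the CA public key endpoint for the mount given as vault_ssh_path.
def ca_public_key_url(vault_url, vault_ssh_path = 'ssh')
  URI.join(vault_url.chomp('/') + '/', "v1/#{vault_ssh_path}/public_key")
end

# Fetch the key over HTTPS only; Net::HTTP verifies the server certificate.
def fetch_ca_key(vault_url, vault_ssh_path = 'ssh')
  uri = ca_public_key_url(vault_url, vault_ssh_path)
  raise ArgumentError, 'vault_url must use https' unless uri.scheme == 'https'
  res = Net::HTTP.get_response(uri)
  raise "Vault returned HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  res.body
end

# Accept exactly one OpenSSH public key line; return [type, fingerprint].
def parse_ca_key(body)
  lines = body.lines.map(&:strip).reject(&:empty?)
  raise ArgumentError, 'expected exactly one key line' unless lines.size == 1
  type, b64 = lines.first.split(' ')
  blob = Base64.strict_decode64(b64.to_s) # raises ArgumentError on bad base64
  len = blob.unpack1('N').to_i
  # The blob begins with a length-prefixed copy of the key type.
  raise ArgumentError, 'key type mismatch' unless blob[4, len] == type
  [type, 'SHA256:' + Base64.strict_encode64(Digest::SHA256.digest(blob)).delete('=')]
end

# Write /etc/ssh/<ca_key_name>.pub only if the fingerprint matches the pin.
def install_ca_key(body, ca_key_name, expected_fp, dir = '/etc/ssh')
  raise ArgumentError, 'bad ca_key_name' unless ca_key_name.match?(/\A[\w.-]+\z/)
  _type, fp = parse_ca_key(body)
  raise SecurityError, "CA fingerprint #{fp} does not match pin" unless fp == expected_fp
  path = File.join(dir, "#{ca_key_name}.pub")
  File.write("#{path}.tmp", body.strip + "\n", perm: 0o644)
  File.rename("#{path}.tmp", path) # atomic replace on the same filesystem
  path
end

# Constructed sample (all-zero ed25519 key), not a real CA key.
SAMPLE_BLOB = [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\0" * 32)
SAMPLE_KEY = "ssh-ed25519 #{Base64.strict_encode64(SAMPLE_BLOB)}\n"
```

On a real host the body would come from `fetch_ca_key('https://myvaultserver.com', 'ssh-client-signer')`, and sshd trusts the written file once `TrustedUserCAKeys` in sshd_config points at it.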
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
Collaborator Number Metric
1.0.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.0.0 failed this metric
FC067: Ensure at least one platform supported in metadata: vaultssh_bootstrap/metadata.rb:1
Run with Foodcritic Version 14.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
1.0.0 passed this metric
Testing File Metric
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number