RDM + Hashicorp Vault SSH CA


Hi,

If you want to use the HashiCorp Vault SSH CA sign feature with your SSH session, this is my first attempt with a Before Event on an SSH session:

$env:VAULT_ADDR="https://your.vault.addr"
# Ephemeral key pair: New-TemporaryFile creates the file, so remove it before ssh-keygen writes the key there
$tmpkey = New-TemporaryFile
Remove-Item $tmpkey.FullName -Force -Confirm:$false
ssh-keygen.exe -q -t ed25519 -N '""' -f $tmpkey.FullName
# Have Vault sign the public key; write the certificate as ASCII (a plain '>' redirect produces a UTF-16 file under Windows PowerShell, which ssh cannot read)
vault write -field=signed_key ssh-demo-rdm/sign/demorole public_key="@$($tmpkey.FullName).pub" | Set-Content -Path "$($tmpkey.FullName)-cert.pub" -Encoding ascii
$RDM.Connection.Terminal.PrivateKeyCertificateType = "File"
$RDM.Connection.Terminal.PrivateKeyCertificateFileName = "$($tmpkey.FullName)-cert.pub"
$RDM.Connection.Terminal.PrivateKeyType = "File"
$RDM.Connection.Terminal.PrivateKeyFileName = "$($tmpkey.FullName)"
$RDM.Connection.Terminal.PrivateKeyPromptForPassPhrase = $false   # must be $false; a bare 'false' is not a PowerShell literal
$RDM.Save()

If you know how to:

  • use the "File -> Settings -> Password Management -> HashiCorp Vault" configuration to log in to Vault
  • or retrieve a login/password from "File -> My defaults -> ..." to perform the login in my script
  • retrieve the public key from "File -> My Defaults -> My Personal Private Key" or "My Personal Credentials" or from a Personal Vault

I would appreciate any help ;-)

I think I will add custom fields for the role or the Vault address.
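An added example (not the original poster's script, nor Devolutions' or HashiCorp's code) of the same Before Event written to fail closed: it requests a short-lived certificate for one principal and inspects the returned certificate with ssh-keygen -L before handing it to the session. Assumptions: VAULT_TOKEN is already set in the environment, the mount/role path is the one from the post, the principal name is constructed, and $RDM is the session object RDM exposes to events.

```powershell
$ErrorActionPreference = 'Stop'
$env:VAULT_ADDR = 'https://your.vault.addr'   # placeholder address, as in the thread
$SignPath  = 'ssh-demo-rdm/sign/demorole'     # mount/role path from the thread
$Principal = 'demo-user'                       # constructed example principal

# Ephemeral key pair in the per-user temp folder. ssh expects the public key as
# <key>.pub and the certificate as <key>-cert.pub next to the private key.
$tmp = New-TemporaryFile
Remove-Item $tmp.FullName -Force -Confirm:$false
$key  = $tmp.FullName
$cert = "$key-cert.pub"
ssh-keygen.exe -q -t ed25519 -N '""' -f $key      # '""' = empty passphrase
if ($LASTEXITCODE -ne 0) { throw 'ssh-keygen failed' }

# Request a short-lived certificate for one principal. ttl and valid_principals
# are parameters of the Vault SSH sign endpoint; the role's settings still cap both.
# -Encoding ascii avoids the UTF-16 file that '>' writes under Windows PowerShell.
vault write -field=signed_key $SignPath `
    public_key="@${key}.pub" ttl='30m' valid_principals=$Principal |
    Set-Content -Path $cert -Encoding ascii
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cert)) { throw 'Vault signing failed' }

# Inspect the certificate before trusting it: ssh-keygen -L prints its type,
# principals and validity window; refuse anything unexpected.
$info = ssh-keygen.exe -L -f $cert | Out-String
if ($LASTEXITCODE -ne 0)                { throw 'Not a valid OpenSSH certificate' }
if ($info -notmatch 'Type:\s+\S+-cert')  { throw 'Unexpected certificate type' }
$principalLine = '(?m)^\s+' + [regex]::Escape($Principal) + '\s*$'
if ($info -notmatch $principalLine)     { throw "Certificate lacks principal $Principal" }

# Only now hand the key material to the session (same properties as the post).
$RDM.Connection.Terminal.PrivateKeyType                = 'File'
$RDM.Connection.Terminal.PrivateKeyFileName            = $key
$RDM.Connection.Terminal.PrivateKeyCertificateType     = 'File'
$RDM.Connection.Terminal.PrivateKeyCertificateFileName = $cert
$RDM.Connection.Terminal.PrivateKeyPromptForPassPhrase = $false
$RDM.Save()
# The private key and certificate remain in the temp folder until removed; delete
# them once the session closes (assumption: a matching after-session event exists).
```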

All Comments (1)


Hello Joffrey,

As discussed in your other thread, https://forum.devolutions.net/topics/39360/use-a-wrapper-script-for-ssh-connection#175525, it is possible to retrieve the credentials for "My personal credentials" with the cmdlet Get-RDMPersonalCredentials.

If the other two are required, please let me know, we will move this thread to the Feature request section.

Best regards,

Richard Boisvert