This article assumes that you have set up a minimum vault: https://dev.to/frederickollinger/production-hashicorp-vault-minimal-configuration-485a
What is a Secrets Engine
A secrets engine is a Vault component that stores, generates or encrypts secrets behind a mount path. Vault ships a number of secrets engines (also called backends) for different purposes. For example, the PKI engine issues TLS/SSL certificates and the SSH engine signs SSH certificates.
Enable the SSH Secrets Engine
This is a one-time operation that an admin performs when setting up a new Vault instance. Without a -path flag the engine is mounted at ssh/, which is the path used in the rest of this article:
vault secrets enable ssh
If
Put Existing SSH Key into Vault
Assuming we have an SSH private key named fileserver.pem, store it in Vault like so (the @ prefix tells the Vault CLI to read the value from the file, so the key never appears on the command line or in shell history). Note that the keys/ endpoint belongs to the engine's dynamic-key mode, which HashiCorp has deprecated in favour of the CA mode configured in the next step, so check the documentation for your Vault version before building on it:
vault write ssh/keys/fileserver key=@fileserver.pem
Configure the engine as an SSH certificate authority and let Vault generate the CA key pair. With generate_signing_key=true the private key is created inside Vault and never leaves it; the command returns only the public key:
vault write ssh/config/ca generate_signing_key=true
That public key is what you later install on the hosts that should trust certificates signed by this CA, so you will need it again. If you did not save it, read it back from the same endpoint (the mount path must match the one you enabled, ssh here):
vault read -field=public_key ssh/config/ca
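The steps above combined into one idempotent script, so that re-running it on an already configured instance does nothing destructive. This is an added example, not code from the article or from HashiCorp. It assumes VAULT_ADDR and VAULT_TOKEN are already exported, uses the article's mount path ssh and key file fileserver.pem as defaults, and the helper names and the VAULT_SSH_CA_APPLY guard variable are this example's own.

```sh
#!/bin/sh
# Added example (not from the article or HashiCorp): the article's steps as one
# idempotent script. Assumes VAULT_ADDR and VAULT_TOKEN are already exported.
# Mount path "ssh" and key file "fileserver.pem" follow the article; the helper
# names and the VAULT_SSH_CA_APPLY guard variable are this example's own.

# Read `vault secrets list` output on stdin and succeed if a mount at "$1/" exists.
# The listing has one mount per line with the path in the first column, e.g.
#   ssh/    ssh    ssh_6f1e2a9b    n/a
engine_mounted() {
  grep -q "^$1/[[:space:]]"
}

# Sanity-check the value returned by `vault read -field=public_key`: a single-line
# OpenSSH public key of the form "<type> <base64 blob> [comment]".
looks_like_ssh_pubkey() {
  set -- $1                       # split into type, blob, optional comment
  case "$1" in
    ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) return 1 ;;
  esac
  printf '%s' "$2" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'
}

# Enable the engine, store the existing key, configure the CA, print the CA public key.
# Each step is skipped when it has already been done. In particular config/ca refuses
# to overwrite an existing CA key, and regenerating it would break every host that
# already trusts the old public key.
setup_ssh_ca() {
  mount=${1:-ssh}
  keyfile=${2:-fileserver.pem}
  name=$(basename "$keyfile" .pem)

  if vault secrets list | engine_mounted "$mount"; then
    echo "secrets engine already mounted at $mount/" >&2
  else
    vault secrets enable -path="$mount" ssh
  fi

  # Legacy dynamic-key storage, as in the article; @file makes the CLI read the
  # value from disk so the private key never appears on the command line.
  vault write "$mount/keys/$name" key=@"$keyfile"

  if vault read "$mount/config/ca" >/dev/null 2>&1; then
    echo "CA already configured at $mount/config/ca, keeping existing key" >&2
  else
    vault write "$mount/config/ca" generate_signing_key=true
  fi

  pub=$(vault read -field=public_key "$mount/config/ca")
  looks_like_ssh_pubkey "$pub" || { echo "unexpected public_key: $pub" >&2; return 1; }
  printf '%s\n' "$pub"
}

# Only touch a live Vault when explicitly asked, e.g.
#   VAULT_SSH_CA_APPLY=1 sh vault-ssh-ca.sh ssh fileserver.pem
if [ "${VAULT_SSH_CA_APPLY:-0}" = "1" ]; then
  setup_ssh_ca "$@"
fi
```

The script prints only the CA public key on stdout, so its output can be piped straight into whatever distributes trusted CA keys to your hosts; everything else goes to stderr.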
Fin
That's all that's needed to get a key into Vault.
Sometimes things are easier than we imagine if we only have a good guide.
References
I relied heavily on this excellent post, and I suggest that you read it: https://brian-candler.medium.com/using-hashicorp-vault-as-an-ssh-certificate-authority-14d713673c9a