I set up Vault Credential Brokering. It looks credentials auto injection is only support psql. I need to do like this for ssh and others.
boundary targets authorize-session -id ttcp_5tcclnDIWi -format json | jq -r '.item.credentials[0]' | jq -r '.secret.decoded.signed_key' > boundarydemo-signed-cert.pub
boundary connect -authz-token=***
and then
ssh ubuntu@127.0.0.1 -p 52185 -i boundarydemo -i boundarydemo-signed-cert.pub
I think this means the secret, boundarydemo-signed-cert.pub will be exposed to the client. Do you have a plan to expand connect helper to other ways . I especially prefer to have ssh and exec (mysql).