Boundary Connect Helper for SSH and others

I set up Vault Credential Brokering. It looks credentials auto injection is only support psql. I need to do like this for ssh and others.

boundary targets authorize-session -id ttcp_5tcclnDIWi -format json | jq -r '.item.credentials[0]' | jq -r '.secret.decoded.signed_key' > boundarydemo-signed-cert.pub

boundary connect -authz-token=***

and then

ssh ubuntu@127.0.0.1 -p 52185 -i boundarydemo -i boundarydemo-signed-cert.pub

I think this means the secret, boundarydemo-signed-cert.pub will be exposed to the client. Do you have a plan to expand connect helper to other ways . I especially prefer to have ssh and exec (mysql).

1 Like