How to create a credential library to provide ssh credentials to sessions

In the new Boundary functionality for Vault integration, you can create a credential library to generate credentials for sessions.
In the example we have in the Boundary documentation, this function is used for a database.

How can I accomplish the same, however, with Vault’s SSH secret? Since you need to enter the IP to generate a credential.

Update: I managed to make the SSH secret work by defining the http_method and http_body_request settings:

```
# Replace {CSVLT_ID}, the Vault path and the IP placeholder with your own values.
boundary credential-libraries create vault \
  -credential-store-id {CSVLT_ID} \
  -vault-path "PATH OF YOUR SSH SECRET" \
  -vault-http-method "POST" \
  -vault-http-request-body '{"ip":"<ip you want to get credential for>"}'
```

Now, on the Boundary desktop, it brings me the credentials.

You are absolutely right. We’ve spent a lot of time figuring out this “solution”.

I think this is not a solution because it does not match the goals which Boundary tries to solve. Boundary says about itself that it will fill the gap in dynamic environments to connect to changing addresses.

By filling the IP address into a credential library, this target is not reached, because you have to spend a lot of unnecessary time and energy creating targets that match the credential library and hosts whose IP addresses have to match the HTTP POST request body… that is hard to manage.

@hashicorp: I think this is not the point you are trying to get to. How can we dynamically put the IP address of the host into the request?

I really need to know how to dynamically return the required host credentials. Hope there is a solution. :wink:

Currently, there is no good solution to solve this problem, but we are aware of it being a pain point. We appreciate everyone’s patience as we think through ways to best solve it. We really appreciate everyone’s feedback and enthusiasm for Boundary!

@mgaffney I’ve finally hopped on the Boundary bandwagon! Wondering if there’s any update for what you mentioned in your last comment - dynamically providing the address to the HTTP request body. In the meantime I’ll likely try out creating several credential libraries to match up to my targets/hosts.

Love Boundary btw!
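
The workaround discussed in this thread, one credential library per host with its own fixed request body, as an added example that is not part of any post here or of Boundary's own tooling. The store ID, the Vault path and the addresses are constructed placeholders, the `-name` value is an arbitrary choice, and the script only prints the commands unless `BOUNDARY=boundary` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Store ID, Vault path and IPs are
# constructed placeholders. Dry run by default: each command is printed.
# Set BOUNDARY=boundary to execute for real.
: "${BOUNDARY:=echo boundary}"

# Print the JSON body for one host. Only a dotted-quad IPv4 address is
# accepted, so nothing else can end up inside the JSON string.
ssh_request_body() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    printf '{"ip":"%s"}' "$1"
}

# Create (or, in dry run, print) the credential library for one host.
create_library() {
    store_id=$1 vault_path=$2 host_ip=$3
    body=$(ssh_request_body "$host_ip") || {
        echo "skipping invalid IP: $host_ip" >&2
        return 1
    }
    $BOUNDARY credential-libraries create vault \
        -credential-store-id "$store_id" \
        -name "ssh-$host_ip" \
        -vault-path "$vault_path" \
        -vault-http-method POST \
        -vault-http-request-body "$body"
}

# Read one IP per line from stdin; fail if any line was rejected.
create_all() {
    rejected=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        create_library "$1" "$2" "$line" || rejected=$((rejected + 1))
    done
    [ "$rejected" -eq 0 ]
}

# Constructed sample run (RFC 5737 documentation addresses).
printf '%s\n' 192.0.2.10 192.0.2.11 |
    create_all "csvlt_EXAMPLE" "ssh/creds/EXAMPLE_ROLE"
```

Each library still pins exactly one address, so a host whose IP changes needs its library recreated.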

@paladin-devops sorry, no updates yet

Hello,
Is there any news on the issues mentioned in this discussion? Thank you for your answers.
Best regards.
Nassim

I just saw that v0.11.1 was released! :tada: Templating user info is now supported, but not yet the target machine IP address (required by the Vault SSH secrets engine).