[Solved] Problem for creating Roles for signing client SSH keys via CLI


I’m pretty new with Hashicorp Vault.

I’m trying to follow this guide to set up SSH access.

I’m stuck when i want to create roles via CLI (copy/paste code from the website) :

$ vault write ssh-client-signer/roles/administrator-role -<<EOH
 “allow_user_certificates”: true,
 “allowed_users”: “administrator”,
 “allowed_extensions”: “”,
 “default_extensions”: [
 “permit-pty”: “”
 “key_type”: “ca”,
 “default_user”: “administrator”,
 “ttl”: “30m0s”

Failed to parse K=V data: invalid key/value pair "-": invalid character 'â' looking for beginning of object key string

I can’t understand the error message, even more the command below from this page is working.

$ vault write ssh-client-signer/roles/my-role -<<"EOH"
  "algorithm_signer": "rsa-sha2-256",
  "allow_user_certificates": true,
  "allowed_users": "*",
  "allowed_extensions": "permit-pty,permit-port-forwarding",
  "default_extensions": {
    "permit-pty": ""
  "key_type": "ca",
  "default_user": "ubuntu",
  "ttl": "30m0s"

What you think about this error ?
What’s the right way to do that ?

Thx by advance, any help appreciated.

Whether the EOH on line 1 of these commands is quoted or not, affects how the shell processes the body of the text.

Yeah, i found : the quotation marks “” were a problem.

All is working fine with "" quotation marks.

Thx for pointing this out.