We have Vault, at the moment for testing purposes, and I stored an SSH private key and the SSH config to log in to some servers in k/v secrets.
How can I use Vault, as a CLI, to retrieve the private SSH key and then connect to a server automatically from a terminal?
I’d rather recommend using Vault’s SSH backend to manage access; this gives you fine-grained control:
The Vault SSH secrets engine provides secure authentication and authorization
for access to machines via the SSH protocol. There are multiple modes to the
Vault SSH secrets engine including signed SSH certificates, dynamic SSH keys,
Here is also a good presentation on that subject:
HashiCorp Vault is a very powerful tool and can easily be adapted to manage SSH keys, one time passwords, and even run as a CA to sign SSH credentials. This talk will deep dive into the capabilities of Vault with respect to SSH, and demo how one-time...
The problem is that the Vault SSH dynamic keys are deprecated and, at the moment, I want to create something for the servers already deployed.
Probably the best way is to use signed certificates, so you can always revoke access for single users.
OK, thanks. I'll give it a try, but I still need to change the conf on all the servers.
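
The two approaches discussed in this thread, written as shell functions. This is an added example, not code posted by any participant; the KV path `secret/ssh/web01`, the field `private_key`, the SSH mount `ssh-client-signer`, the role `ops`, the host name and the `VAULT_CMD`/`SSH_ADD_CMD` override variables are all assumptions.

```shell
# Added example; paths, field, mount and role names are assumptions.
VAULT_CMD=${VAULT_CMD:-vault}        # overridable so the functions can be tested
SSH_ADD_CMD=${SSH_ADD_CMD:-ssh-add}

# KV approach (the question): pull the private key from a KV field and hand it
# to ssh-agent on stdin with a lifetime, so it is never written to disk.
# usage: vault_key_to_agent <kv-path> <field> [ttl-seconds]
vault_key_to_agent() (
    kv_path=$1; field=$2; ttl=${3:-300}
    key=$("$VAULT_CMD" kv get -field="$field" "$kv_path") || exit 1
    [ -n "$key" ] || exit 1
    # printf is a shell builtin, so the key does not show up in process arguments
    printf '%s\n' "$key" | "$SSH_ADD_CMD" -t "$ttl" -
)

# Signed-certificate approach (the reply): have Vault's SSH CA sign your own
# public key. The private key never leaves the workstation; servers must trust
# the CA through TrustedUserCAKeys in sshd_config.
# usage: vault_sign_pubkey <ssh-mount> <role> <public-key-file>; prints cert path
vault_sign_pubkey() (
    mount=$1; role=$2; pub=$3
    [ -r "$pub" ] || exit 1
    cert="${pub%.pub}-cert.pub"      # ssh picks up <key>-cert.pub automatically
    "$VAULT_CMD" write -field=signed_key "$mount/sign/$role" \
        public_key=@"$pub" > "$cert" || { rm -f "$cert"; exit 1; }
    printf '%s\n' "$cert"
)

# Typical use after `vault login` (constructed host and names):
#   vault_key_to_agent secret/ssh/web01 private_key 300 && ssh admin@web01.example.com
#   vault_sign_pubkey ssh-client-signer ops ~/.ssh/id_ed25519.pub && ssh admin@web01.example.com
```

The first function needs a running `ssh-agent`; the key is dropped from the agent when the lifetime expires.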