Hi, hopefully I haven’t missed some documentation in some obvious place, but I can’t seem to get this to work.
Vault Agent version: 1.15.4, Vault server version: 1.14.8
I’m trying to get vault agent to generate my id_ed25519-cert.pub file. However, I need to specify the extensions field, which expects a map<string:string> and I can’t get the syntax right.
In my agent.hcl:
template {
# secrets/ssh-ca-sign-admin/sign/admin-debian-user.json
contents = <<EOF
{{- with secret "ssh-ca-sign-admin/sign/admin-debian-user.json"
"public_key=ssh-ed25519 AAAAC3Nza ... A3v+/JRYm7j "
"valid_principals=helpdesk,exploitatie"
"extensions=permit-pty,permit-port-forwarding,permit-agent-forwarding"
}}
{{ .Data.signed_key }}
{{- end }}
EOF
destination = "/home/peter-vanbiesen/creds.out"
error_on_missing_key = true
}
I always get:
* Field validation failed: error converting input permit-pty for field "extensions": '' expected a map, got 'string' (retry attempt 5 after "4s")
I tried several syntaxes, to no avail, e.g.:
"extensions={ \"permit-pty\": \"\", \"permit-port-forwarding\": \"\", \"permit-agent-forwarding\": \"\" }"
"extensions=permit-pty,permit-port-forwarding,permit-agent-forwarding"
Is there a way to do this?
Maybe this is related to this issue: SSH Map Fields · Issue #2569 · hashicorp/vault · GitHub
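An added example, not part of the original post and not Vault's or Vault Agent's own code: it contrasts the string-valued `extensions` that the `key=value` arguments above produce with a request body in which `extensions` is a JSON object, the map shape the error message asks for. The function names, the local type check and the public key placeholder are assumptions made for illustration.

```python
import json

# Constructed placeholder: the post elides the real public key.
PUBLIC_KEY = "ssh-ed25519 AAAA-constructed-placeholder user@example"

def template_args_to_body(args):
    """Model of the post's key=value arguments: each value stays a plain string
    (assumption, consistent with the "got 'string'" error in the post)."""
    body = {}
    for arg in args:
        key, _, value = arg.partition("=")  # split on the first "=" only
        body[key] = value
    return body

def extensions_map(names):
    """Turn "a,b,c" into the map<string:string> shape, with empty values."""
    return {n.strip(): "" for n in names.split(",") if n.strip()}

def check_extensions(body):
    """Local stand-in for the field type check; returns None when the shape fits."""
    ext = body.get("extensions", {})
    if not isinstance(ext, dict):
        return f"expected a map, got {type(ext).__name__}"
    if not all(isinstance(k, str) and isinstance(v, str) for k, v in ext.items()):
        return "expected string keys and string values"
    return None

def sign_request_body(public_key, principals, extension_names):
    """JSON-ready body in which extensions is an object rather than a string."""
    return {
        "public_key": public_key,
        "valid_principals": ",".join(principals),
        "extensions": extensions_map(extension_names),
    }

if __name__ == "__main__":
    names = "permit-pty,permit-port-forwarding,permit-agent-forwarding"
    as_string = template_args_to_body([f"extensions={names}"])
    print(check_extensions(as_string))   # shape from the post's template
    body = sign_request_body(PUBLIC_KEY, ["helpdesk", "exploitatie"], names)
    print(check_extensions(body))
    print(json.dumps(body, indent=2))
```

The JSON-looking attempt quoted in the post fails the same check, because the whole `{ ... }` text still arrives as one string value.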