VAULT API - Add private key

GarsDuCalvados · June 24, 2021, 12:53pm

Hi,

I am able to use Vault API to add credential in secret.

But now i want to add ssh-private.key to VAULT by API.

I use this :

curl \
    -H "X-Vault-Token: s.r73Edq2p0fYpLswfDWfds7ROv" \
    -H "Content-Type: application/json" \
    -X POST \
    -d '{
   "data":{
      "user1": "AxnCK93snwM749", "user2": "AnMSl08itiM872",
      "user2_ssh.private_key":"-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,4DBBC4767D00A2453BC8AD3E124413A8

jq4pUK5NyRLbYAeJy1niskCeZKbbOQ5CxAA+/+DFO+mWzsrDOoBuhbtywyRpcc2t
A5TEJKIDxforDKblgoHwBZ6CEgUAQqaz6pv6dBQ0caZAsQeCntiE/9HW6uCCn7Ay
ZkUCFIXRzmJg3bGzNWV6/2LisfssIDh7o4K4A3ooaEQbBwtKxlo7jg/sEgjAdJrQ
sbAka0Qn5RYZByV0wjav3eCjBRvvUW2dMzsgqM5GOnwNz7dhOwHLpbgMOz/PNks4
QHuD0YEv7qQY04uZJ3F38OXE0sAq2S15Ys/ea5T5CMzsqbFDXfN7Sw5FrlWDJ2Xz
cwebdAmV980jMHdVU6G+fHZxMQWAv0qdPwp9kUBsoAzyrU9qLYWWNROmn5OfklS4
Ndsa63IMC1RjJLYRAHXoGKBUqQ+2fu/qEv5YQ/eYioXUe0xzxVVnl5ahJs5nNd65
uhLGacQ5CogWEno5XD6Vj5RqsVitjnTSiFh3AH/bVG5PBP7C+n0xlZ9zCi2w5sde
COz9grLkMujjswfK3cP6yvJmejp18PtMiVygegMrssKMJbXb4ufyDfC1fQDHAZZh
JqjnA9BoV4TbHCxvQTrTSmrICw2q2kEBzKL1mYRk0H7NKXxqKBd0VnNFzIjbA5Mb
U1LakcpKqZ6EKuuu2SX1bjRQmwy2CBz2YKiduMk7HgmOeGxikD//DwscrdO6NaZY
FKAnvuWxcs39vPGfbh5qv7ZTm+Z8jF2Dir6W6QhixL8+RtP9ZS3PyNLTUGnJVDgt
jTbxUn4dBBqafugVXlJK6HYG2eYheaZcsdwZQoMzmVAqNCTkkFtFpFBwL1pyfM5/
GB6KZHRPZd5zkusLM+PpA8IxmLjeCcyez3aprqmQES1w4ZzcOY8Ps2Rbrz3JCi9C
r81c7vQUd81rUsDIF7I/eW/egvxwC1bfTJeU8ExqX82y6wX/qAW+SyxKi72OUzRa
j+M6Pb4hrFpFjOFkOenhPPqQeLNEVE/wPlVPCkR+28PsHGrfXfHdfuRUgolNodn3
Ej66858WQmUKQ8v1oNr/bgA9Oval0rG8Hs2DidRs07cncyvfJmWl7GoBxAVt0/e4
aY4Rlxt9FuDB4znjZsqQySedQ/5AHM5MhmsECMk4sYVpe4ZmLy/7ADFbL4FQSAHX
Ch+Qn06hzQcP8W9t3t/xCXzut6bVHYbb4Gf4Yvvv4g1W42q/gkbNNC3j/5PBsLu2
bAHDEWwY2XZZQZ0aggXTpAkqtkSfdxJv2gX6jh2EOriCShWZmhF5+1LN+egbqUnK
9ZWPBwHkPp1K4iMGE3hgjelk3GOW4iigZ/8O5lB0PI0XOo5jXKJj22MTzr2NEAIx
9z+SydT8fuwAv8/7feqPTrS5xEEhHfpansYU9qprV2ecWYMoD2TpKR8e4RM5Us5l
Pj1TkAlI6yX2m2teAOL8OqvWy0OpT4YOQafs7m2OECjfPOUU7CAM/72JaZMXl4bI
tcqet946CAHcP+bcYju533gr/wYNJDpKLZQ71C/plP3BlncuTjv0nv9nK1aNR7MP
9vcRP1VgoOm7Ju8yGPSQiuFo6hp0oVPkRgu8nOrCa1oUDDh861askc6aW/oqHBtY
-----END RSA PRIVATE KEY-----"
   }
}' \
    https://srv-vault:8200/v1/secret/data/server/srv01

But i have this message :
{"errors":["error parsing JSON"]}

I think the problem is the carriage return but i need to keep them to keep integirtyt of private key.

Thanks for your help,

Regards,
Matthieu

GarsDuCalvados · June 24, 2021, 1:00pm

i done a test to convert carriage return by \n and it’s work.
I need to format my private key before insert it by API.

Matt

GarsDuCalvados · June 25, 2021, 7:03am

Hi,

Yes it’s OK now. before integration ssh private key we need to replace carriage return by \n.

Exemple with Ansible (variabble creation beofre inject in VAULT API :

- name: "{{ titre_generation_key }} - Récupération de la clé privée."
  shell: awk 'BEGIN{RS="\n";ORS="\\n"}1' /home/test/USER/pwd/{{ server_name }}/ssh/{{ local_user}}_ssh_key
  register: tmp_ssh_private_key

Regards,
Matthieu