My target hosts are CentOS 7.7 ones. I’m following the setup as mentioned on https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates. I just need a few clarifications.
- In “Signing Key & Role Configuration” point 4, what should the “default_user” be? Should it be root (my CentOS admin user), or some automation user who has access to my Vault, or perhaps my username as I’m doing a POC?
- Again, in “Client SSH Authentication” point 2, I understand the “valid_principals” will be my username. Now suppose I want other users who have access to my Vault to be able to log in using this method. In the docs I read that each user should have their own role for isolation. The name of the role “my-role” that’s given in the docs is for my user. But for the other user, do I need to execute “Signing Key & Role Configuration” point 4 and “Client SSH Authentication” point 2 again with a new role, suppose “my-role-user2”?
Sorry if this is basic, but I couldn’t understand the docs perfectly.