On 13/02/2024 09:35, Gilbert Netzer wrote:
we have not yet
found a good way to for example get a token, e.g. a SSH key or certificate,
in or out of the web-browser into the non-web part, for instance a SSH agent
Here's something I knocked together for my own use:
https://github.com/candlerb/vault-ssh-agent-login
You run this from the command line, and it talks to your local
ssh-agent. If you don't have a suitable certificate already then it
generates a new key pair, gets Vault to sign it, and then inserts the
new key and cert into ssh-agent (set to expire when the cert expires).
If you're using Vault with OIDC auth then it opens a browser window for
that part, similar to how kubelogin works.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
