--- # Deploy OpenBao SSH user CA trust and per-user auth_principals. # # Prerequisite: railiance-platform openbao-configure-ssh (exports CA pubkey). # # cd ~/railiance-platform # OPENBAO_TOKEN_FILE=~/.local/openbao/platform-admin.token \ # OPENBAO_SSH_CA_PUBKEY_OUT=/tmp/openbao-ssh-ca.pub \ # make openbao-configure-ssh # # cd ~/railiance-infra # make bootstrap-ssh-ca SSH_CA_PUBKEY=/tmp/openbao-ssh-ca.pub - hosts: all become: true vars_files: - ../inventory/ssh_principals.yaml roles: - role: ssh_ca_host