railiance-infra/ansible/playbooks/bootstrap-ssh-ca.yaml
tegwick c31d70b53f feat(ssh): add bootstrap-ssh-ca role for OpenBao SSH user CA trust
Deploy TrustedUserCAKeys, auth_principals from ssh_principals.yaml, and
Makefile targets bootstrap-ssh-ca / bootstrap-ssh-ca-host (NET-WP-0020 T5).
2026-06-18 01:06:43 +02:00

---
# Deploy OpenBao SSH user CA trust and per-user auth_principals.
#
# Prerequisite: railiance-platform openbao-configure-ssh (exports CA pubkey).
#
# cd ~/railiance-platform
# OPENBAO_TOKEN_FILE=~/.local/openbao/platform-admin.token \
# OPENBAO_SSH_CA_PUBKEY_OUT=/tmp/openbao-ssh-ca.pub \
# make openbao-configure-ssh
#
# cd ~/railiance-infra
# make bootstrap-ssh-ca SSH_CA_PUBKEY=/tmp/openbao-ssh-ca.pub
- hosts: all
  become: true
  vars_files:
    - ../inventory/ssh_principals.yaml
  roles:
    - role: ssh_ca_host
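
An added pre-flight check, not part of railiance-infra or railiance-platform, for the CA public key file that the header comment hands from `/tmp` to `make bootstrap-ssh-ca`. The accepted key types, the one-key-per-file rule and the GNU/busybox `base64 -d` call are assumptions of this example, and the function name `check_ca_pubkey` is hypothetical.

```sh
#!/bin/sh
# Added example: vet the file passed as SSH_CA_PUBKEY before it becomes a
# trust anchor on every host. Assumed policy: the key types listed below.
ALLOWED_TYPES="ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa"

refuse() { echo "refuse: $*" >&2; }

check_ca_pubkey() {
    f=$1
    # In a shared directory such as /tmp another local user could pre-create
    # the path, so insist on a regular file that we own and only we can write.
    if [ -L "$f" ] || [ ! -f "$f" ]; then refuse "$f is not a regular file"; return 1; fi
    if [ ! -O "$f" ]; then refuse "$f is not owned by the current user"; return 1; fi
    case $(ls -ld "$f" | cut -c1-10) in
        ?????w*|????????w*) refuse "$f is group- or world-writable"; return 1 ;;
    esac

    # If the file is copied as-is into a TrustedUserCAKeys file, every extra
    # key line is another trusted CA, so accept exactly one.
    keys=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$f") || true
    if [ -z "$keys" ] || [ "$(printf '%s\n' "$keys" | wc -l)" -ne 1 ]; then
        refuse "expected exactly one key line in $f"; return 1
    fi

    # Split "type blob comment" without word splitting or globbing.
    type=${keys%% *}; rest=${keys#* }; blob=${rest%% *}
    case " $ALLOWED_TYPES " in
        *" $type "*) ;;
        *) refuse "key type '$type' is not allowed"; return 1 ;;
    esac

    # The decoded blob starts with a 4-byte length followed by its own type
    # string; a mismatch with the declared type means a mangled line.
    inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
            dd bs=1 skip=4 count="${#type}" 2>/dev/null) || true
    if [ "$inner" != "$type" ]; then
        refuse "blob does not encode a $type key"; return 1
    fi

    # Print the fingerprint so an operator can compare it with the CA's
    # known fingerprint before deploying.
    if command -v ssh-keygen >/dev/null 2>&1; then
        ssh-keygen -l -f "$f" || { refuse "ssh-keygen cannot parse $f"; return 1; }
    fi
    return 0
}
```

Run it as `check_ca_pubkey /tmp/openbao-ssh-ca.pub && make bootstrap-ssh-ca SSH_CA_PUBKEY=/tmp/openbao-ssh-ca.pub`.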