fix(openbao): complete SSH apply script for OpenBao 2.5.x issuers
Generate default CA via ssh/config/ca, split composite KUBECTL for role writes, read pubkey from config/ca, allow warden key_id in roles, prefer production kubeconfig.
@@ -8,6 +8,7 @@ roles:
|
||||
key_type: ca
|
||||
allowed_users: "*"
|
||||
allow_user_certificates: true
|
||||
allow_user_key_ids: true
|
||||
default_user: adm
|
||||
ttl: 48h
|
||||
max_ttl: 48h
|
||||
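Review bot: `allow_user_key_ids: true` sits in the same role as `allowed_users: "*"`, so for this `adm` role neither the principal nor the certificate key ID is pinned by the role itself. The key ID is what sshd writes to its auth log, and with this setting the requester chooses it, so host-side attribution for a 48h certificate can no longer be trusted without cross-checking the OpenBao audit log. If warden needs a predictable key ID, consider leaving the override off and setting `key_id_format` on the role, or make sure the policy that grants sign access to this role is limited to the warden identity.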
@@ -15,6 +16,7 @@ roles:
|
||||
key_type: ca
|
||||
allowed_users: "*"
|
||||
allow_user_certificates: true
|
||||
allow_user_key_ids: true
|
||||
default_user: agt
|
||||
ttl: 24h
|
||||
max_ttl: 24h
|
||||
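Review bot: Missing documentation on `allow_user_key_ids: true` in the `agt` role. Nothing in the file says which caller is expected to supply `key_id`; the commit message mentions warden, but that context is lost once the change is merged. A one-line YAML comment next to the setting naming the caller and the reason would keep the flag from being copied into new roles or removed by mistake.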
@@ -22,6 +24,7 @@ roles:
|
||||
key_type: ca
|
||||
allowed_users: "*"
|
||||
allow_user_certificates: true
|
||||
allow_user_key_ids: true
|
||||
default_user: atm
|
||||
ttl: 8h
|
||||
max_ttl: 8h
|
||||
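Review bot: Style point on the `atm` role: `allow_user_key_ids: true` is now the same line in all three roles shown, next to the already identical `key_type`, `allowed_users` and `allow_user_certificates` entries. If the apply script's YAML handling allows it, a shared defaults block would leave only `default_user`, `ttl` and `max_ttl` per role and make it obvious when one role deviates on a security-relevant flag.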