vaultssh_bootstrap (2) Versions 1.0.0

Sets up Vault SSH public key

Policyfile:

    cookbook 'vaultssh_bootstrap', '= 1.0.0', :supermarket

Berkshelf:

    cookbook 'vaultssh_bootstrap', '= 1.0.0'

Knife:

    knife supermarket install vaultssh_bootstrap
    knife supermarket download vaultssh_bootstrap

Quality 17%

vaultssh_bootstrap

This cookbook installs the signed certificate public key onto a server so that it can start using the HashiCorp Vault SSH secrets engine (signed SSH certificates). See this link for more details: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html

Pre-reqs

You must have a Vault server provisioned, configured and unsealed.

You also need to configure Vault with the CA for signing client keys. See Steps 1 and 2 here: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates.html

Once this is done, the client signer public key is accessible via the API at the /public_key endpoint.

Usage

To use this resource from a cookbook, add the depends statement below to the metadata.rb file:

    depends 'vaultssh_bootstrap', '~>1.0.0'

The resource can be used in a recipe as follows:

    vault_ssh 'bootstrap_server' do
      vault_url 'https://myvaultserver.com'
      ca_key_name 'my-public-ca-key'
      vault_ssh_path 'ssh-client-signer'
    end

The properties are described below:

vault_url - The address of your Vault server, for example https://myvaultserver.com

ca_key_name - The name of the public key to use for client signing. The public key will be retrieved from Vault and saved to /etc/ssh/<ca_key_name>.pub

vault_ssh_path - The path the SSH secrets engine is mounted at in Vault. By default this is ssh, but it can be overridden when the secrets engine is enabled.
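
The key saved to /etc/ssh/<ca_key_name>.pub becomes a trust anchor for SSH logins, so it is worth validating what the /public_key endpoint returned before writing it. The following is an added example, not code from this cookbook: the function names are hypothetical, the pinned fingerprint is assumed to have been obtained out of band, and the sample key is constructed.

```ruby
require 'digest'
require 'uri'

# Build the public_key URL for an SSH secrets engine mount
# (Vault HTTP API: /v1/<mount>/public_key). Plain HTTP is refused because
# the response decides which CA the server will trust.
def ca_public_key_url(vault_url, vault_ssh_path = 'ssh')
  uri = URI.parse(vault_url)
  raise ArgumentError, 'vault_url must use https' unless uri.is_a?(URI::HTTPS)
  unless vault_ssh_path.match?(%r{\A[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*\z})
    raise ArgumentError, 'unexpected characters in vault_ssh_path'
  end
  "#{vault_url.chomp('/')}/v1/#{vault_ssh_path}/public_key"
end

# Parse a response body that should hold exactly one OpenSSH public key
# line and return its ssh-keygen style SHA256 fingerprint.
def ca_key_fingerprint(body)
  lines = body.strip.lines.map(&:strip).reject(&:empty?)
  raise ArgumentError, 'expected exactly one key line' unless lines.size == 1
  type, b64 = lines.first.split(' ')
  raise ArgumentError, 'malformed key line' if type.nil? || b64.nil?
  blob = b64.unpack1('m0') # strict base64; raises ArgumentError on junk
  len = blob.unpack1('N')  # wire format: uint32 length, then algorithm name
  inner = blob.byteslice(4, len.to_i)
  raise ArgumentError, 'key type does not match key blob' unless inner == type
  'SHA256:' + [Digest::SHA256.digest(blob)].pack('m0').delete('=')
end

# Accept the fetched key only if it is well formed and matches the
# fingerprint pinned out of band (assumption: the operator recorded it
# when the CA was configured in Vault).
def trusted_ca_key?(body, pinned_fingerprint)
  ca_key_fingerprint(body) == pinned_fingerprint
rescue ArgumentError
  false
end

# Constructed sample (not a real CA key): ed25519 wire format, dummy bytes.
SAMPLE_BLOB = [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\x01" * 32)
SAMPLE_KEY  = "ssh-ed25519 #{[SAMPLE_BLOB].pack('m0')}\n"
```

The fingerprint string has the same form that `ssh-keygen -l -f <file>` prints, so the pinned value can be compared against a key file by hand.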

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

linux-initial-config Applicable Versions

Collaborator Number Metric
            

1.0.0 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

1.0.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

1.0.0 failed this metric

FC067: Ensure at least one platform supported in metadata: vaultssh_bootstrap/metadata.rb:1
Run with Foodcritic Version 14.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

1.0.0 passed this metric

Testing File Metric
            

1.0.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

1.0.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number