mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-15 11:07:00 +02:00
8e7f2076a2
* Remove dynamic keys from SSH Secrets Engine This removes the functionality of Vault creating keys and adding them to the authorized keys file on hosts. This functionality has been deprecated since Vault version 0.7.2. The preferred alternative is to use the SSH CA method, which also allows key generation but places limits on TTL and doesn't require Vault reach out to provision each key on the specified host, making it much more secure. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Remove dynamic ssh references from documentation Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog entry Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Remove dynamic key secret type entirely Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Clarify changelog language Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add removal notice to the website Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
42 lines
1.2 KiB
Go
42 lines
1.2 KiB
Go
package ssh
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/hashicorp/vault/sdk/framework"
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
)
|
|
|
|
func pathFetchPublicKey(b *backend) *framework.Path {
|
|
return &framework.Path{
|
|
Pattern: `public_key`,
|
|
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
logical.ReadOperation: b.pathFetchPublicKey,
|
|
},
|
|
|
|
HelpSynopsis: `Retrieve the public key.`,
|
|
HelpDescription: `This allows the public key of the SSH CA certificate that this backend has been configured with to be fetched. This is a raw response endpoint without JSON encoding; use -format=raw or an external tool (e.g., curl) to fetch this value.`,
|
|
}
|
|
}
|
|
|
|
func (b *backend) pathFetchPublicKey(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
|
publicKeyEntry, err := caKey(ctx, req.Storage, caPublicKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if publicKeyEntry == nil || publicKeyEntry.Key == "" {
|
|
return nil, nil
|
|
}
|
|
|
|
response := &logical.Response{
|
|
Data: map[string]interface{}{
|
|
logical.HTTPContentType: "text/plain",
|
|
logical.HTTPRawBody: []byte(publicKeyEntry.Key),
|
|
logical.HTTPStatusCode: 200,
|
|
},
|
|
}
|
|
|
|
return response, nil
|
|
}
|