Merge pull request #27 from markwirth-mw/ssh-key_signing

add ssh-key signing
mittwald · Aug 26, 2024 · 0213c0b · 0213c0b
2 parents 7a64d52 + 283f327
commit 0213c0b
Showing 1 changed file with 51 additions and 0 deletions.
diff --git a/ssh.go b/ssh.go
@@ -0,0 +1,51 @@
+package vault
+
+type SSH struct {
+	Service
+}
+
+func (c *Client) SSH() *SSH {
+	return c.SSHWithMountPoint("ssh")
+}
+
+func (c *Client) SSHWithMountPoint(mountPoint string) *SSH {
+	return &SSH{
+		Service: Service{
+			client:     c,
+			MountPoint: mountPoint,
+		},
+	}
+}
+
+type SSHSignOptions struct {
+	PublicKey       string `json:"public_key"`
+	CertType        string `json:"cert_type,omitempty"`
+	ValidPrincipals string `json:"valid_principals,omitempty"`
+}
+
+type SSHSignResponse struct {
+	LeaseID       string `json:"lease_id"`
+	Renewable     bool   `json:"renewable"`
+	LeaseDuration int    `json:"lease_duration"`
+	Data          struct {
+		SerialNumber string `json:"serial_number"`
+		SignedKey    string `json:"signed_key"`
+	} `json:"data"`
+}
+
+func (k *SSH) Sign(role string, sshopts SSHSignOptions) (*SSHSignResponse, error) {
+	response := &SSHSignResponse{}
+	err := k.client.Write(
+		[]string{
+			"v1",
+			k.MountPoint,
+			"sign",
+			role,
+		}, sshopts, response, nil,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return response, nil
+}