From 283f327387b7cfcfe7869e47c57edac01ee7a5d5 Mon Sep 17 00:00:00 2001
From: Andreas Markwirth
Date: Mon, 26 Aug 2024 11:58:09 +0200
Subject: [PATCH] add ssh-key signing

---
 ssh.go | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 ssh.go

diff --git a/ssh.go b/ssh.go
new file mode 100644
index 0000000..99bdce0
--- /dev/null
+++ b/ssh.go
@@ -0,0 +1,51 @@
+package vault
+
+type SSH struct {
+ Service
+}
+
+func (c *Client) SSH() *SSH {
+ return c.SSHWithMountPoint("ssh")
+}
+
+func (c *Client) SSHWithMountPoint(mountPoint string) *SSH {
+ return &SSH{
+ Service: Service{
+ client: c,
+ MountPoint: mountPoint,
+ },
+ }
+}
+
+type SSHSignOptions struct {
+ PublicKey string `json:"public_key"`
+ CertType string `json:"cert_type,omitempty"`
+ ValidPrincipals string `json:"valid_principals,omitempty"`
+}
+
+type SSHSignResponse struct {
+ LeaseID string `json:"lease_id"`
+ Renewable bool `json:"renewable"`
+ LeaseDuration int `json:"lease_duration"`
+ Data struct {
+ SerialNumber string `json:"serial_number"`
+ SignedKey string `json:"signed_key"`
+ } `json:"data"`
+}
+
+func (k *SSH) Sign(role string, sshopts SSHSignOptions) (*SSHSignResponse, error) {
+ response := &SSHSignResponse{}
+ err := k.client.Write(
+ []string{
+ "v1",
+ k.MountPoint,
+ "sign",
+ role,
+ }, sshopts, response, nil,
+ )
+ if err != nil {
+ return nil, err
+ }
+
+ return response, nil
+}
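Review bot: Sign passes `role` (and `k.MountPoint`) straight into the request path segments with no check for an empty value or an embedded `/`, `?` or `#`; whether such a value can redirect the call to a different endpoint depends on how `client.Write` joins the segments, which is outside this hunk, so a guard in Sign itself keeps the path shape fixed regardless: `if role == "" || strings.ContainsAny(role, "/?#") { return nil, fmt.Errorf("invalid ssh role %q", role) }` (with `fmt` and `strings` imported). SSHSignOptions also has no `ttl` field, so a caller cannot request a certificate lifetime shorter than the role's default even though the Vault sign endpoint accepts `ttl`; adding `TTL string `json:"ttl,omitempty"`` would let callers keep issued certificates short-lived. None of the exported types and methods carry doc comments; for Sign, `// Sign requests an SSH certificate for sshopts.PublicKey from the named signing role at the mount point and returns the signed key.` would do, with similar one-liners on SSH, SSHWithMountPoint, SSHSignOptions and SSHSignResponse.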