scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 18:17:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

website: Update api-docs for /ssh/sign/:name and /ssh/issue/:name (#17694)

Browse Source 
Extend the documentation the API endpoint '/ssh/issue/:name' (added
in #15561 with v1.12.0) and '/ssh/issue/:name':

- Be more specific that the issued certificate uses the defaults
  given of the role at the given endpoint; and that it is subject
  to the limitations configured in this role.

- Note that the endpoint /ssh/issue/:name is available with v1.12+.

- Make it more clear that the generated credentials are only returned
  but not stored by Vault (not just the generated private key).
This commit is contained in:
Bernhard Kaindl
2022-10-27 16:56:08 +02:00
committed by GitHub
parent ab6fecb2d5
commit 184a4e4ff1
1 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
website/content/api-docs/secret/ssh.mdx
View File

@@ -820,6 +820,17 @@ $ curl \
This endpoint signs an SSH public key based on the supplied parameters, subject
to the restrictions contained in the role named in the endpoint.
It is similar to the endpoint `/ssh/issue/:name`. Instead of issuing new
SSH credentials, this returns a certificate for the given SSH public key.
The issued certificate uses the defaults specified in the role named in
this endpoint. Where not restricted by the parameters of this role, the
parameters of the issued certificate can be further customized in this API call.
~> **Note**: The issued certificate is returned but _not_ stored by Vault.
If you do not save it from the response, request it again by repeating
this request.
| Method | Path |
| :----- | :---------------- |
| `POST` | `/ssh/sign/:name` |
@@ -887,11 +898,18 @@ $ curl \
## Generate Certificate and Key
This endpoint generates a new set of credentials (private key and certificate)
based on the role named in the endpoint.
This endpoint issues a new set of SSH credentials (private key and certificate).
~> **Note**: The private key is _not_ stored. If you do not save the private
key from the response, you will need to request a new certificate.
It is similar to the endpoint `/ssh/sign/:name`: Instead of signing an existing
SSH public key, it generates and issues new SSH credentials (key and certificate).
The issued certificate uses the defaults specified in the role named in
this endpoint. Where not restricted by the parameters of this role, the
parameters of the issued certificate can be further customized in this API call.
~> **Note**: The issued credentials are returned but _not_ stored by Vault.
If you do not save them from the response, issue new credentials by using
this request again. This endpoint is available with Vault version 1.12+.
| Method | Path |
| :----- | :---------------- |