Changes from code review

builtin/logical/ssh/backend_test.go

@@ -537,7 +537,6 @@ func TestBackend_AbleToAutoGenerateSigningKeys(t *testing.T) {
 				Operation: logical.UpdateOperation,
 				Path:      "config/ca",
 				Data: map[string]interface{}{
-					"generate_signing_key":  true,
 				},
 			},
 

builtin/logical/ssh/path_config_ca.go

@@ -27,6 +27,7 @@ func pathConfigCA(b *backend) *framework.Path {
 			"generate_signing_key": &framework.FieldSchema{
 				Type:        framework.TypeBool,
 				Description: `Generate SSH key pair internally rather than use the private_key and public_key fields.`,
+				Default: true,
 			},
 		},
 
@@ -104,7 +105,14 @@ func generateSSHKeyPair() (string, string, error) {
 func parseSSHKeyPair(data *framework.FieldData) (string, string, error) {
 
 	publicKey := data.Get("public_key").(string)
+	if publicKey == "" {
+		return "", "", errutil.UserError{Err: `missing public_key`}
+	}
+
 	privateKey := data.Get("private_key").(string)
+	if privateKey == "" {
+		return "", "", errutil.UserError{Err: `missing public_key`}
+	}
 
 	_, err := ssh.ParsePrivateKey([]byte(privateKey))
 	if err != nil {

website/source/docs/secrets/ssh/index.html.md

@@ -301,7 +301,7 @@ The first thing to do is to get Vault to generate the key pair that will be used
 SSH keys:
 
 ```text
-$ vault write ssh/config/ca generate_signing_key=true
+$ vault write -f ssh/config/ca
 Success! Data written to: ssh/config/ca
 ```