# To view in Web UI
path "sys/mounts" {
capabilities = [ "read", "update" ]
}
# To configure the SSH secrets engine
# NOTE(review): "ssh/*" matches every path under the mount, so this grants the
# holder write access to the roles as well as to the credential endpoints; if
# the policy is meant for role administration only, "ssh/roles/*" is the
# narrower form -- confirm against the intended use.
path "ssh/*" {
capabilities = [ "create", "read", "update", "delete", "list" ]
}
# To enable secrets engines
# NOTE(review): "sys/mounts/*" with create/update/delete lets the holder enable,
# disable and reconfigure any secrets engine, not just ssh; the setup below
# only needs the ssh mount, so "sys/mounts/ssh" would be the least-privilege
# path if nothing else depends on the wildcard.
path "sys/mounts/*" {
capabilities = [ "create", "read", "update", "delete" ]
}
/ $ vault secrets enable ssh
Success! Enabled the ssh secrets engine at: ssh/
/ $
# Create an OTP role. cidr_list is the set of target-host CIDRs the role may
# issue one-time passwords for; 0.0.0.0/0 is "any host", fine for a lab but it
# should be narrowed to the subnets this role actually covers in real use.
# default_user is the login name handed out when the caller does not supply one.
/ $ vault write ssh/roles/otp_key_role \
> key_type=otp \
> default_user=ubuntu \
> cidr_list=0.0.0.0/0
Success! Data written to: ssh/roles/otp_key_role
/ $
/ $
# NOTE(review): the two commands below repeat the sequence above verbatim and
# the transcript shows the same success output both times -- looks like a
# paste duplicate; confirm whether the second run is intentional.
/ $ vault secrets enable ssh
Success! Enabled the ssh secrets engine at: ssh/
/ $
/ $ vault write ssh/roles/otp_key_role \
> key_type=otp \
> default_user=ubuntu \
> cidr_list=0.0.0.0/0
Success! Data written to: ssh/roles/otp_key_role
/ $
/ $ vault auth enable userpass
Success! Enabled userpass auth method at: userpass/
/ $
# Create user bob and attach the policy named ssh-otp (presumably the HCL policy
# at the top of this page, saved under that name -- confirm). Because the
# password is given as a command-line argument it ends up in shell history and
# process listings; outside a throwaway lab, supply it from a file or stdin and
# rotate it after first login.
/ $ vault write auth/userpass/users/bob password="training" policies="ssh-otp"
Success! Data written to: auth/userpass/users/bob
/ $