Resource Type: vault_ssh_cert

Overview

A type representing an SSH certificate issued by Hashicorp Vault

Properties

ensure (defaults to: present)

The basic property that the resource should be in.
Supported values:
- present
- absent
expiration (defaults to: auto)

Read-only property showing the expiration time of the certificate
Supported values:
- auto
file

Path the signed certificate should be written
group (defaults to: root)

The group which the certificate file should be owned by
mode (defaults to: 0640)

The file mode the certificate file should be written with
owner (defaults to: root)

The user which the certificate file should be owned by
valid_principals (defaults to: [])

Users or hostnames which the issued certificate should be valid for

Parameters

auth_name

The named certificate role used to authenticate puppet agent to vault
auth_path (defaults to: puppet-pki)

The path used to authenticate puppet agent to vault
ca_trust

Optional path to the file containing trusted certificate authorities
cert_type (defaults to: host)

Cert type to issue (“user” or “host”)
name (namevar)

Path to the public key the certificate should be issued for
provider

The specific backend to use for this ‘vault_ssh_cert` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.
renewal_threshold (defaults to: 3)

Certificate should be renewed when fewer than this many days remain before expiry
timeout (defaults to: 5)

Length of time to wait on vault connections
ttl

Lifetime to request any newly issued certificates should be valid for
vault_uri

The full URI of the vault PKI secrets engine