Reference

Table of Contents

Classes

Public Classes

  • hashicorp_vault::ssh_client: This class will configure the function vault_ssh to make it easier to SSH to machines using keys signed by Hashicorp Vault. Usage: `vault_ssh ${server}`
  • hashicorp_vault::ssh_server: This class will configure the node to use a host key signed by Hashicorp Vault. Authentication to the Vault server will be done using the Puppet node's certificate.

Private Classes

  • hashicorp_vault::lib_binary: This class should not be directly called

Classes

hashicorp_vault::ssh_client

This class will configure the function vault_ssh to make it easier to SSH to machines using keys signed by Hashicorp Vault. Usage: `vault_ssh ${server}`

Parameters

The following parameters are available in the hashicorp_vault::ssh_client class:

vault_server

Data type: String

The URL for the Hashicorp Vault server

auth_method

Data type: Enum['ldap']

The authentication method that will be used with Hashicorp Vault

hashicorp_vault::ssh_server

This class will configure the node to use a host key signed by Hashicorp Vault. Authentication to the Vault server will be done using the Puppet node's certificate.

Parameters

The following parameters are available in the hashicorp_vault::ssh_server class:

vault_server

Data type: String

The URL for the Hashicorp Vault server

vault_public_key

Data type: Optional[String]

The public key from the SSH engine that will be trusted. `vault_ssh_engine` is not needed if this is defined.

Default value: undef

vault_ssh_engine

Data type: Optional[String]

The engine name within the Hashicorp Vault server for the SSH CA, so the key can be downloaded from the server. `vault_public_key` is not needed if this is defined.
NOTICE: Because Hashicorp Vault dynamically generates the page, Puppet will always see the file as changed and will rewrite the CA file.

Default value: undef
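
Because of the NOTICE above, a Puppet change report on the CA file does not by itself show that the trusted key changed. The following is an added example, not part of this module: a shell check that compares the key in a rewritten CA file against a pinned copy. The function names, file names and key strings are constructed placeholders.

```shell
#!/bin/sh
# Added example (not module code): tell a harmless rewrite of the trusted
# SSH CA file apart from a real change of the CA public key.

# Print "<key-type> <base64-blob>" for the first key line in file $1,
# ignoring blank lines, '#' comments, extra whitespace and the key comment.
ca_key_material() {
  awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2; exit }' "$1"
}

# ca_key_unchanged PINNED CURRENT
# Returns 0 if both files carry the same key, 1 if the keys differ,
# 2 if either file contains no key line at all.
ca_key_unchanged() {
  pinned=$(ca_key_material "$1")
  current=$(ca_key_material "$2")
  [ -n "$pinned" ] && [ -n "$current" ] || return 2
  [ "$pinned" = "$current" ]
}

# Demo on constructed sample files (placeholder strings, not real keys).
tmp=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3ConstructedKeyA vault-ca\n' > "$tmp/pinned.pub"
printf 'ssh-ed25519 AAAAC3ConstructedKeyA\n'          > "$tmp/rewritten.pub"
printf 'ssh-ed25519 AAAAC3ConstructedKeyB\n'          > "$tmp/rotated.pub"
: > "$tmp/empty.pub"

for f in rewritten rotated empty; do
  rc=0
  ca_key_unchanged "$tmp/pinned.pub" "$tmp/$f.pub" || rc=$?
  case "$rc" in
    0) echo "$f: same CA key, file was only rewritten" ;;
    1) echo "$f: CA key differs from the pinned copy, investigate" ;;
    2) echo "$f: no key found, CA file is empty or malformed" ;;
  esac
done
rm -rf "$tmp"
```

Run it from monitoring or a post-run hook with the real pinned key and the CA file path used on the node, and alert on return codes 1 and 2.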