Dustin C. Hatch
b75d83cd32
We no longer need *root* in the list of authorized principals for user certificates issued by SSHCA.
25 lines
721 B
TOML
25 lines
721 B
TOML
machine_ids = "/var/lib/sshca/machine-ids.json"
|
|
|
|
[oidc]
|
|
discovery_url = "https://auth.pyrocufflink.blue"
|
|
client_id = "sshca"
|
|
|
|
[ca.host]
|
|
private_key_file = "/run/sshca/secrets/host/key/host-ca-key"
|
|
private_key_passphrase_file = "/run/sshca/secrets/host/passphrase/host-ca-key.passphrase"
|
|
|
|
[ca.user]
|
|
private_key_file = "/run/sshca/secrets/user/key/user-ca-key"
|
|
private_key_passphrase_file = "/run/sshca/secrets/user/passphrase/user-ca-key.passphrase"
|
|
|
|
[ca.user.group_principals]
|
|
"Server Admins" = [
|
|
"core",
|
|
]
|
|
|
|
[[libvirt]]
|
|
uri = "qemu+ssh://sshca@vmhost0.pyrocufflink.blue/system?keyfile=/run/sshca/libvirt/sshkey"
|
|
|
|
[[libvirt]]
|
|
uri = "qemu+ssh://sshca@vmhost1.pyrocufflink.blue/system?keyfile=/run/sshca/libvirt/sshkey"
|