881ae5a303
* Remove dynamic keys from SSH Secrets Engine

  This removes the functionality of Vault creating keys and adding them to the authorized keys file on hosts.

  This functionality has been deprecated since Vault version 0.7.2.

  The preferred alternative is to use the SSH CA method, which also allows key generation but places limits on TTL and doesn't require Vault reach out to provision each key on the specified host, making it much more secure.

  Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove dynamic ssh references from documentation

  Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

  Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove dynamic key secret type entirely

  Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify changelog language

  Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add removal notice to the website

  Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
37 lines
1.2 KiB
Plaintext
---
layout: docs
page_title: SSH - Secrets Engines
description: |-
  The Vault SSH secrets engine provides secure authentication and authorization
  for access to machines via the SSH protocol. There are two modes to the Vault
  SSH secrets engine including signed SSH certificates and one-time passwords.
---

# SSH Secrets Engine

Name: `ssh`

The Vault SSH secrets engine provides secure authentication and authorization
for access to machines via the SSH protocol. The Vault SSH secrets engine helps
manage access to machine infrastructure, providing several ways to issue SSH
credentials.

The Vault SSH secrets engine supports the following modes. Each mode is
individually documented on its own page.

- [Signed SSH Certificates](/vault/docs/secrets/ssh/signed-ssh-certificates)
- [One-time SSH Passwords](/vault/docs/secrets/ssh/one-time-ssh-passwords)

All guides assume a basic familiarity with the SSH protocol.

## Removal of Dynamic Keys feature

Per [Vault 1.12's deprecation notice page](/vault/docs/v1.12.x/deprecation),
the dynamic keys functionality of this engine has been removed in Vault 1.13.

## API

The SSH secrets engine has a full HTTP API. Please see the
[SSH secrets engine API](/vault/api-docs/secret/ssh) for more
details.