keyvault-agent

An SSH Agent backed by Azure Key Vault keys

• Authenticate to Key Vault using Active Directory credentials, including VM managed identities
• SSH private keys are safeguarded in a vault
• Access to keys can be controlled by AD group membership, enabling just-in-time access via group membership

Installation

Linux or Mac OS

cargo install keyvault-agent
# Authenticate using a logged in Azure SDK (requires the Azure SDK).
# Other authentication methods are available.
keyvault-agent authenticate azure-sdk
keyvault-agent add-key {key vault key URI}

# Run this line for every new console.
eval $(keyvault-agent daemon)