#key #ssh-agent #vault #azure #backed #credentials #identities

app keyvault-agent

ssh-agent backed by Azure Key Vault keys

1 unstable release

0.1.0-alpha Jun 16, 2020

#9 in #identities

MIT/Apache

24KB
559 lines

keyvault-agent

An SSH Agent backed by Azure Key Vault keys

  • Authenticate to Key Vault using Active Directory credentials, including VM managed identities
  • SSH private keys are safeguarded in a vault
  • Access to keys can be controlled by AD group membership, enabling just-in-time access via group membership

Installation

Linux or Mac OS

cargo install keyvault-agent
# Authenticate using a logged in Azure SDK (requires the Azure SDK).
# Other authentication methods are available.
keyvault-agent authenticate azure-sdk
keyvault-agent add-key {key vault key URI}

# Run this line for every new console.
eval $(keyvault-agent daemon)

Dependencies

~13–25MB
~404K SLoC