Follow up: SSH agent and example

[wernerfred]

Hey, just want to follow up on this discussion in the vault repository.

About the ssh-agent, doing this with the normal vault command can not be done without hashicorp support as it needs modification in vault itself.

That is what we discovered, too. Damn that it is not supported right now and seems like there will be no effort in near time.

You can however use your own tool to do this and get a token (I'm using this internally), I'll try to put an example on my site later.

We are interested in the way you are using the plugin. Would be nice if you can share insights.

cc @sh0shin

[42wim]

I made a quick code example for use with ssh certificates in https://github.com/42wim/vault-plugin-auth-ssh/tree/master/vssh

Some background in our actual setup, we use vault with the oidc plugin (and our own MFA setup/ssh agent) to sign short-lived generated SSH certificates. As we have those certificates now in our agent, why not use these to again authenticate against vault on our servers (instead of doing the whole oidc dance).