Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

braindump from readme #12

Open
aidansteele opened this issue Jun 30, 2017 · 0 comments
Open

braindump from readme #12

aidansteele opened this issue Jun 30, 2017 · 0 comments
Labels
docs

Comments

@aidansteele
Copy link
Contributor 

lkp
  token
    create      # creates a token that can be authenticated by kms
    validate    # validates aforementioned token 
  ssh
    sign        # uses CA key to sign user or host key
    exec        # ask lambda func to sign ssh pubkey
    proxy       # to be used as ssh_config ProxyCommand. maybe allows user@i-<instance>?
  setup         # creates kms key+policy, ssh CA key, uploads lambda zip, everything
    --dry-run   # just emits cfn files, zip, ssh key, etc
    --do-it     # actually performs all the actions
  ec2
    sign        # sends host key to lambda, replaces instance key with signed version
    trustca     # adds 'cert-authority' flag to ~/.ssh/authorized_keys entry
  vouch         # create token to send out-of-bound to person who needs 2-operator login
    --recipient
    --duration
    --host
  lambda        # fulfils the lambda func, is passed fn args in stdin by thin wrapper
aidansteele added a commit that referenced this issue Jun 30, 2017
@aidansteele
Started skeletal README (#9)
44934db 
Moved braindump of CLI usage into #12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aidansteele