2026-06-18 01:06:43 +02:00
|
|
|
# Declarative SSH CA roles for ops-warden ActorType policy.
|
|
|
|
|
# TTL max: adm 48h, agt 24h, atm 8h — wiki/OpsWardenConfig.md (ops-warden)
|
|
|
|
|
|
|
|
|
|
mount: ssh
|
|
|
|
|
|
|
|
|
|
roles:
|
|
|
|
|
adm-role:
|
|
|
|
|
key_type: ca
|
|
|
|
|
allowed_users: "*"
|
|
|
|
|
allow_user_certificates: true
|
2026-06-18 01:18:56 +02:00
|
|
|
allow_user_key_ids: true
|
2026-06-18 01:06:43 +02:00
|
|
|
default_user: adm
|
|
|
|
|
ttl: 48h
|
|
|
|
|
max_ttl: 48h
|
|
|
|
|
agt-role:
|
|
|
|
|
key_type: ca
|
|
|
|
|
allowed_users: "*"
|
|
|
|
|
allow_user_certificates: true
|
2026-06-18 01:18:56 +02:00
|
|
|
allow_user_key_ids: true
|
2026-06-18 01:06:43 +02:00
|
|
|
default_user: agt
|
|
|
|
|
ttl: 24h
|
|
|
|
|
max_ttl: 24h
|
|
|
|
|
atm-role:
|
|
|
|
|
key_type: ca
|
|
|
|
|
allowed_users: "*"
|
|
|
|
|
allow_user_certificates: true
|
2026-06-18 01:18:56 +02:00
|
|
|
allow_user_key_ids: true
|
2026-06-18 01:06:43 +02:00
|
|
|
default_user: atm
|
|
|
|
|
ttl: 8h
|
|
|
|
|
max_ttl: 8h
|