
Untitled

a guest
May 27th, 2017
  1. cat bless_deploy.cfg
  2. # This section and its options are optional
  3. [Bless Options]
  4.  
  5. # Number of seconds +/- the issued time for the certificate to be valid
  6. certificate_validity_after_seconds = 120
  7. certificate_validity_before_seconds = 120
  8.  
  9. # Minimum number of bits in the system entropy pool before requiring an additional seeding step
  10. entropy_minimum_bits = 2048
  11.  
  12. # Number of bytes of random to fetch from KMS to seed /dev/urandom
  13. random_seed_bytes = 256
  14.  
  15. # Set the logging level
  16. logging_level = INFO
  17.  
  18. # Comma separated list of the SSH Certificate extensions to include. Not specifying this uses the ssh-keygen defaults:
  19. # certificate_extensions = permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc
  20. # Username validation options are described in bless_request.py:USERNAME_VALIDATION_OPTIONS
  21. # Configure how bastion_user names are validated.
  22. # username_validation = useradd
  23. # Configure how remote_usernames names are validated.
  24. # remote_usernames_validation = principal
  25.  
  26. # These values are all required to be modified for deployment
  27.  
  28.  
  29. [Bless CA]
  30. # You must set an encrypted private key password for each AWS Region you deploy into
  31. # for each aws region specify a config option like '{}_password'.format(aws_region)
  32. us-west-2_password = AQICAHjOatjV8fUy0tQ/1I8mgIfTWd9rs1gRoksJq1i3xNIO4wFS5hdYswnk+VxT+0D4KLV4AAAAhzCBhAYJKoZIhvcNAQcGoHcwdQIBADBwBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDI2LvPxPa6wv4GluvQIBEIBDfIHZngMsZCZVeqW2JWWLh/P9wdRKuL5oAr1lNhCdD1pC6nXeM1ERAJ+utjDX4hnhwW5KUwkhkh9NHRpFXJZf8cIaXA==
  33.  
  34. # Specify the file name of your SSH CA's Private Key in PEM format.
  35. ca_private_key_file = bless-ca.pem
  36.  
  37. # This section is optional
  38.  
  39.  
  40. [KMS Auth]
  41. # Enable kmsauth, to ensure the certificate's username matches the AWS user
  42. use_kmsauth = True
  43.  
  44. # One or multiple KMS keys, setup for kmsauth (see github.com/lyft/python-kmsauth)
  45. kmsauth_key_id = arn:aws:kms:us-west-2:515720457059:key/9a055fd9-47b9-4930-821c-59f56e834b10
  46.  
  47. # If using kmsauth, you need to set the kmsauth service name. Users need to set the 'to'
  48. # context to this same service name when they create a kmsauth token.
  49. kmsauth_serviceid = bless