HashiConf More sessions have been added to the conference agenda. Buy your pass and plan your schedule. Register
Vault
Vault Home

SSH secrets engine

[!IMPORTANT]
Documentation Update: Product documentation, which were located in this repository under /website, are now located in hashicorp/web-unified-docs, colocated with all other product documentation. Contributions to this content should be done in the web-unified-docs repo, and not this one. Changes made to /website content in this repo will not be reflected on the developer.hashicorp.com website.

The Vault SSH secrets engine provides secure authentication and authorization for access to machines via the SSH protocol. The Vault SSH secrets engine helps manage access to machine infrastructure, providing several ways to issue SSH credentials.

The Vault SSH secrets engine supports the following modes. Each mode is individually documented on its own page.

All guides assume a basic familiarity with the SSH protocol.

Removal of dynamic keys feature

Per Vault 1.12's deprecation notice page, the dynamic keys functionality of this engine has been removed in Vault 1.13.

API

The SSH secrets engine has a full HTTP API. Please see the SSH secrets engine API for more details.

Edit this page on GitHub