Handlers

SSH Agent

Overview

The SSH Agent handler enables the Secretless Broker to replace ssh-agent by providing similar functionality over a socket without exposing keys. Once the broker is running, export SSH_AUTH_SOCK with the path of the listener socket that this handler targets.

Credentials

  • rsa or ecdsa
    Required
    RSA or ECDSA private key

  • comment
    Optional
    Free-form string

  • lifetime
    Optional
    If not 0, the number of seconds the agent will store the key for

  • confirm
    Optional
    If true, confirms with the user before using the key

Example

listeners:
  - name: ssh_agent_listener
    protocol: ssh-agent
    socket: /sock/.agent

handlers:
  - name: ssh_agent_handler
    listener: ssh_agent_listener
    credentials:
      - name: rsa
        provider: file
        id: /id_rsa

With the Secretless Broker running this configuration, use it in place of ssh-agent by exporting SSH_AUTH_SOCK:

$ export SSH_AUTH_SOCK=/sock/.agent
