Welcome to Paramiko-Cloud’s documentation!¶
This project aims to extend Paramiko to provide SSH keys that are backed by cloud-based key management services. Further, SSH certificate signing capabilities are added that make implementation of SSH certificate authorities straightforward.
Installation¶
Install Paramiko-Cloud using pip:
# Install with AWS support
pip install paramiko-cloud[aws]
# Install with Azure support
pip install paramiko-cloud[azure]
# Install with GCP support
pip install paramiko-cloud[gcp]
Examples¶
Amazon Web Services¶
from paramiko_cloud.aws.keys import ECDSAKey
ca_key = ECDSAKey(
"arn:aws:kms:ap-northeast-1:012345678901:key/e9a4e926-b826-46fe-840d-58d44f0c6a89",
region_name="ap-northeast-1"
)
client_key = RSAKey.generate(1024)
cert_string = ca_key.sign_certificate(
client_key,
["test.user"]
).cert_string()
Microsoft Azure¶
from azure.identity import DefaultAzureCredential
from paramiko_cloud.azure.keys import ECDSAKey
credential = DefaultAzureCredential()
ca_key = ECDSAKey(
credential,
"https://your.vault.url/",
"key_name"
)
client_key = RSAKey.generate(1024)
cert_string = ca_key.sign_certificate(
client_key,
["test.user"]
).cert_string()
Google Cloud Platform¶
from google.cloud import kms
from paramiko_cloud.gcp.keys import ECDSAKey
kms_client = kms.KeyManagementServiceClient()
key_name = "projects/PROJECT_NAME/locations/REGION_NAME/keyRings/YOUR_KEY_RING_NAME/cryptoKeys/YOUR_KEY_NAME/cryptoKeyVersions/YOUR_KEY_VERSION"
ca_key = ECDSAKey(kms_client, key_name)
client_key = RSAKey.generate(1024)
cert_string = ca_key.sign_certificate(
client_key,
["test.user"]
).cert_string()