const ALL_BACKENDS_ADMIN_SSS_NON_ADMIN_PLAINTEXT: &[u8] = b"system:\n iteration: 1\n admin_secret_handling:\n shamirs-secret-sharing:\n number_of_shares: 3\n threshold: 2\n non_admin_secret_handling: plaintext\n mappings:\n - share_holder:\n system_user: share-holder1\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN54Gd1jMz+yNDjBRwX1SnOtWuUsVF64RJIeYJ8DI7b\n user@host\n - share_holder:\n system_user: share-holder2\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDgwGfIRBAsOUuDEZw/uJQZSwOYr4sg2DAZpcc7MfOj\n user@host\n - share_holder:\n system_user: share-holder3\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWqWyMCk5BdSl1c3KYoLEokKr7qNVPbI1IbBhgEBQj5\n user@host\n - wire_guard_download:\n system_user: wireguard-downloader\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOh9BTe81DC6A0YZALsq9dWcyl6xjjqlxWPwlExTFgBt\n user@host\nnethsm:\n connections:\n - url: https://localhost:8080/\n tls_security: Unsafe\n - url: https://localhost:8081/\n tls_security: Unsafe\n mappings:\n - admin: admin\n - admin: ns1~admin\n - backup:\n backend_user: backup\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrIYA+bfMBThUP5lKbMFEHiytmcCPhpkGrB/85n0mAN\n user@host\n system_user: nethsm-backup-user\n - hermetic_metrics:\n backend_users:\n metrics_user: hermeticmetrics\n operator_users:\n - hermetickeymetrics\n system_user: nethsm-hermetic-metrics-user\n - metrics:\n backend_users:\n metrics_user: metrics\n operator_users:\n - keymetrics\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPkpXKiNhy39A3bZ1u19a5d4sFwYMBkWQyCbzgUfdKBm\n user@host\n system_user: nethsm-metrics-user\n - signing:\n backend_user: signing\n signing_key_id: signing1\n key_setup:\n key_type: Curve25519\n key_mechanisms:\n - EdDsaSignature\n signature_type: EdDsa\n key_context:\n openpgp:\n user_ids:\n - Foobar McFooface <foobar@mcfooface.org>\n version: \"4\"\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOh96uFTnvX6P1ebbLxXFvy6sK7qFqlMHDOuJ0TmuXQQ\n user@host\n system_user: nethsm-signing-user1\n tag: signing1\n - signing:\n backend_user: ns1~signing\n signing_key_id: signing1\n key_setup:\n key_type: Curve25519\n key_mechanisms:\n - EdDsaSignature\n signature_type: EdDsa\n key_context:\n openpgp:\n user_ids:\n - Barfoo McBarface <barfoo@mcbarface.org>\n version: \"4\"\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr4wdlEv3ZKkDufEQTZSLOjDLO3DeNN2pqKmp00ufIu\n user@host\n system_user: ns1-signing-user\n tag: signing1\nyubihsm2:\n connections:\n - usb:\n serial_number: 12345678\n - usb:\n serial_number: 87654321\n mappings:\n - admin:\n authentication_key_id: 1\n - audit_log:\n authentication_key_id: 2\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxR0Oc+SWXkEvvZPitc6NvjvykgiKc9iauRI7tLYvcp\n user@host\n system_user: yubihsm2-metrics-user\n - backup:\n authentication_key_id: 3\n wrapping_key_id: 2\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETxhCqeZhfzFLfH0KFyw3u/w/dkRBUrft8tQm7DEVzY\n user@host\n system_user: yubihsm2-backup-user\n - hermetic_audit_log:\n authentication_key_id: 4\n system_user: yubihsm2-hermetic-metrics-user\n - signing:\n authentication_key_id: 5\n key_setup:\n key_type: Curve25519\n key_mechanisms:\n - EdDsaSignature\n signature_type: EdDsa\n key_context:\n openpgp:\n user_ids:\n - Foobar McFooface <foobar@mcfooface.org>\n version: \"4\"\n domain: 1\n signing_key_id: 1\n ssh_authorized_key: >-\n ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClIXZdx0aDOPcIQA+6Qx68cwSUgGTL3TWzDSX3qUEOQ\n user@host\n system_user: yubihsm2-signing1\n";Expand description
Config with NetHSM and YubiHSM2 backends.
- Shamir’s Secret Sharing for administrative secrets
- plaintext for non-administrative secrets