Skip to main content

ONLY_YUBIHSM2_MOCKHSM_ADMIN_SSS_NON_ADMIN_PLAINTEXT

signstar_config::test

Constant ONLY_YUBIHSM2_MOCKHSM_ADMIN_SSS_NON_ADMIN_PLAINTEXT 

Source 
const ONLY_YUBIHSM2_MOCKHSM_ADMIN_SSS_NON_ADMIN_PLAINTEXT: &[u8] = b"system:\n  iteration: 1\n  admin_secret_handling:\n    shamirs-secret-sharing:\n      number_of_shares: 3\n      threshold: 2\n  non_admin_secret_handling: plaintext\n  mappings:\n    - share_holder:\n        system_user: share-holder1\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN54Gd1jMz+yNDjBRwX1SnOtWuUsVF64RJIeYJ8DI7b\n          user@host\n    - share_holder:\n        system_user: share-holder2\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDgwGfIRBAsOUuDEZw/uJQZSwOYr4sg2DAZpcc7MfOj\n          user@host\n    - share_holder:\n        system_user: share-holder3\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWqWyMCk5BdSl1c3KYoLEokKr7qNVPbI1IbBhgEBQj5\n          user@host\n    - wire_guard_download:\n        system_user: wireguard-downloader\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOh9BTe81DC6A0YZALsq9dWcyl6xjjqlxWPwlExTFgBt\n          user@host\nyubihsm2:\n  connections:\n    - mock\n  mappings:\n    - admin:\n        authentication_key_id: 1\n    - audit_log:\n        authentication_key_id: 2\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPkpXKiNhy39A3bZ1u19a5d4sFwYMBkWQyCbzgUfdKBm\n          user@host\n        system_user: metrics-user\n    - backup:\n        authentication_key_id: 3\n        wrapping_key_id: 2\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrIYA+bfMBThUP5lKbMFEHiytmcCPhpkGrB/85n0mAN\n          user@host\n        system_user: backup-user\n    - hermetic_audit_log:\n        authentication_key_id: 4\n        system_user: yubihsm2-hermetic-metrics-user\n    - signing:\n        authentication_key_id: 5\n        key_setup:\n          key_type: Curve25519\n          key_mechanisms:\n            - EdDsaSignature\n          signature_type: EdDsa\n          key_context:\n            openpgp:\n              user_ids:\n                - Foobar McFooface <foobar@mcfooface.org>\n              version: \"4\"\n        domain: 1\n        signing_key_id: 1\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOh96uFTnvX6P1ebbLxXFvy6sK7qFqlMHDOuJ0TmuXQQ\n          user@host\n        system_user: signing2\n";
Expand description

Config with YubiHSM2 mockhsm backend.

  • Shamir’s Secret Sharing for administrative secrets
  • plaintext for non-administrative secrets