Diffstat (limited to 'example-server.conf')
-rw-r--r--example-server.conf23
1 files changed, 3 insertions, 20 deletions
diff --git a/example-server.conf b/example-server.conf
index 795acc5..52d534d 100644
--- a/example-server.conf
+++ b/example-server.conf
@@ -10,15 +10,12 @@ server {
}
# Oauth2 configuration
-auth {
- provider = "google" # Oauth provider to use
+github {
oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com" # Oauth client ID
oauth_client_secret = "yyyyyyyyyyyyyyyyyyyyyy" # Oauth client secret
oauth_callback_url = "https://sshca.example.com/auth/callback" # Oauth callback url
- provider_opts {
- domain = "example.com" # Oauth-provider specific options
- }
- users_whitelist = ["marco@gmail.com", "niall@gmail.com", "patrick@gmail.com"] # Optional
+ users_whitelist = ["marco@gmail.com", "niall@gmail.com", "patrick@gmail.com"]
+ orgs_whitelist = ["org1", "org2"]
}
# Configuration for the certificate signer.
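Review bot: The renamed `github` block still carries the Google-era placeholders: `oauth_client_id` ends in `.apps.googleusercontent.com` and `users_whitelist` lists gmail addresses, so the sample suggests GitHub users are matched by e-mail. If the GitHub provider matches on account login (not visible in this hunk), the example should say so, e.g. `users_whitelist = ["alice-example", "bob-example"] # GitHub logins (constructed sample)`. The `# Optional` comment was also dropped and `orgs_whitelist` has none, which leaves unstated how the two lists combine and what happens when both are empty. For a service that signs SSH certificates that is worth a comment on each line, along the lines of `# Optional; state here whether an empty list means "allow nobody" or "allow any GitHub account"`. The `# Oauth2 configuration` heading above the block could name the provider too, now that the `provider` key is gone.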
@@ -28,17 +25,3 @@ ssh {
max_age = "720h" # Maximum lifetime of a ssh certificate
permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc", "force-command=/bin/ls"] # Permissions associated with a certificate
}
-
-# Optional AWS config. if an aws config is present, then files (e.g. signing key or tls cert) can be read from S3 using the syntax `/s3/bucket/path/to/signing.key`.
-# These can also be set configured using the standard aws-sdk environment variables, IAM roles etc. https://github.com/aws/aws-sdk-go/wiki/configuring-sdk
-aws {
- region = "eu-west-1"
- access_key = "abcdef"
- secret_key = "xyz123"
-}
-
-# Optional Vault config. If a vault config is present then files (e.g. signing key or tls cert) can be read from a vault server using the syntax `/vault/secret/service/key_name`.
-vault {
- address = "https://127.0.0.1:8200"
- token = "83f01274-c6f0-4dae-aab9-13a6fc62772e"
-}