From b8af9fe60f27353bdd5933ed37508b30d4290046 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Sun, 5 Jun 2016 22:18:24 +0100
Subject: Add AWS S3 and Google GCS virtual filesystems. This allows the signing key to be read directly from S3 using a path like /s3// or /gcs//.
---
 example-server.conf | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'example-server.conf')
diff --git a/example-server.conf b/example-server.conf
index 94c6b69..5a88615 100644
--- a/example-server.conf
+++ b/example-server.conf
@@ -1,3 +1,4 @@
+# Server config
 server {
 use_tls = true # Optional. If this is set then `tls_key` and `tls_cert` must be set
 tls_key = "server.key" # Path to TLS key
@@ -6,6 +7,7 @@ server {
 cookie_secret = "supersecret" # Authentication key for the client cookie
 }
+# Oauth2 configuration
 auth {
 provider = "google" # Oauth provider to use
 oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com" # Oauth client ID
@@ -16,9 +18,18 @@ auth {
 }
 }
+# Configuration for the certificate signer.
 ssh {
 signing_key = "signing_key" # Path to the CA signing secret key
 additional_principals = ["ec2-user", "ubuntu"] # Additional principals to allow
 max_age = "720h" # Maximum lifetime of a ssh certificate
 permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc"] # Permissions associated with a certificate.
 }
+
+# Optional AWS config. if an aws config is present, the signing key can be read from S3 using the syntax `/s3/bucket/path/to/signing.key`.
+# These can also be set configured using the standard aws-sdk environment variables, IAM roles etc. https://github.com/aws/aws-sdk-go/wiki/configuring-sdk
+aws {
+ region = "eu-west-1"
+ access_key = "abcdef"
+ secret_key = "xyz123"
+}
-- cgit v1.2.3
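Review bot: The new `aws` block in the last hunk shows long-lived `access_key` / `secret_key` values in plaintext in the same file as the CA settings, and mentions IAM roles and environment variables only in passing. Those credentials presumably grant read access to the bucket holding the SSH CA signing key, so anyone who can read this file could likely fetch the key. The example would be safer with the static keys commented out and the role or environment route shown as the default, e.g. `# access_key = "abcdef" # prefer an IAM role or the aws-sdk environment variables; if set here, restrict this file to the service account`. The comment also contains a typo ("set configured"). It documents only the `/s3/` path form, while the commit message also describes a `/gcs/` path that the example never covers.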